MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba0083d512b563b83f2ebb09a124c41bb42ba9fb92490e8efec111037e4171b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	ba0083d512b563b83f2ebb09a124c41bb42ba9fb92490e8efec111037e4171b5
SHA3-384 hash:	a3e9bf659ab8a2bb4fcb11eaa7894616c6932e7ef407f477a513dd7847efc7f600676d49fdc01f3337d98ba4241d0360
SHA1 hash:	045336fcb60af32d49e3fca8ce8f6b4906f50a1d
MD5 hash:	8e244a30db4f13b3c7ade1b5373995a6
humanhash:	mockingbird-wolfram-music-summer
File name:	Bank TT Copy.iso
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	780'288 bytes
First seen:	2021-06-09 06:15:04 UTC
Last seen:	Never
File type:	iso
MIME type:	application/x-iso9660-image
ssdeep	12288:yyUkX15t7PvH8bFvfsujwF3HlMV40JllefiJlY9jkMyVCcCLl4+8Qo7WdvnaCU:y/v4F3HUSirYRuvCRL8Qoyd
TLSH	B8F4E025224C8A55E17E9336A0B1110443F0F547E722EA4DFEDC58DA2FA37C2A36FA57
Reporter	cocaman
Tags:	iso

cocaman

Malicious email (T1566.001)
From: "Mazen Jaber <info@server-celebrate.xyz>" (likely spoofed)
Received: "from box.server-celebrate.xyz (box.server-celebrate.xyz [142.93.99.134]) "
Date: "Wed, 09 Jun 2021 05:51:42 +0100"
Subject: "Urgent!!! Our Payment (39.750,00 USD)"
Attachment: "Bank TT Copy.iso"

Intelligence

File Origin

# of uploads :

# of downloads :

203

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Scr.Malcodegdn30.21060.10234.UNOFFICIAL

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ba0083d512b563b83f2ebb09a124c41bb42ba9fb92490e8efec111037e4171b5/

Threat name:

Win32.Trojan.Woreflint

Status:

Malicious

First seen:

2021-06-09 06:15:13 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

8 of 47 (17.02%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xiaihviswvr3qpzoxme2cjgedo2cxkp3sjeq5dx6yeiqg7sbog2q._file

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger spyware stealer trojan

Link:

https://tria.ge/reports/210609-55r6arp9fa/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/ba0083d512b563b83f2ebb09a124c41bb42ba9fb92490e8efec111037e4171b5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso ba0083d512b563b83f2ebb09a124c41bb42ba9fb92490e8efec111037e4171b5

(this sample)

AgentTesla

exe 3a0fccb87c875ff0038def1012996cdc15c18559073a2ee1a4521177fbf373ca

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 3a0fccb87c875ff0038def1012996cdc15c18559073a2ee1a4521177fbf373ca

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample