MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd66495f080f351bee31c00597dc436e737bbe2468bded6b4313085dabeb4eb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd66495f080f351bee31c00597dc436e737bbe2468bded6b4313085dabeb4eb0
SHA3-384 hash: 05d034dea128f6d9177a5da968a6cd0e9a1896d984c1d18b0c529b1f663c75bb206aed67e89d4cb037436c9b917957d1
SHA1 hash: 7eee05a070eaf6060f0f1200c613634f40639dcf
MD5 hash: 40db126887fefa12fc5c9b0a6f4ad1ef
humanhash: two-london-september-robin
File name:drawings-pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:475'678 bytes
First seen:2021-05-05 05:41:42 UTC
Last seen:2021-05-05 05:42:11 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:3dG104ndZ3Fj/hP46012RCK3qVwrxZK7LdEBRwhIg6:3YRVeQRz3qoxZKSWha
TLSH 9DA423710D604FE29815099276D83F32A53F3FAEDCE0D585306F9149BAB22E279DE349
Reporter cocaman
Tags:gz


Avatar
cocaman
Malicious email (T1566.001)
From: "info@hbkaixuan.com" (likely spoofed)
Received: "from hbkaixuan.com (unknown [103.139.44.91]) "
Date: "4 May 2021 22:40:41 -0700"
Subject: "Inquiry Reff: MSEL/H.Arm/280421"
Attachment: "drawings-pdf.gz"

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd66495f080f351bee31c00597dc436e737bbe2468bded6b4313085dabeb4eb0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-05 02:45:10 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xvtesxyib42rx3rryaczpxcdnzzxxprenc66222dcmef3k7lj2ya._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210505-a917nsb9qx/
Behaviour
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.55
Link:
https://yomi.yoroi.company/submissions/bd66495f080f351bee31c00597dc436e737bbe2468bded6b4313085dabeb4eb0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz bd66495f080f351bee31c00597dc436e737bbe2468bded6b4313085dabeb4eb0

(this sample)

AgentTesla

Executable exe b6c4befa1899e59c6792b871342800705a2f630ee72a04ed2b1c9c5cb69b40e5

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b6c4befa1899e59c6792b871342800705a2f630ee72a04ed2b1c9c5cb69b40e5

Comments