MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0a8b6dcd4cb51e501ba848ae44fb8726adc577c607e2f9893bb8708b25d473f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0a8b6dcd4cb51e501ba848ae44fb8726adc577c607e2f9893bb8708b25d473f
SHA3-384 hash: 68aaa840c4e0c0b905b7a7586b55aa66a11c85b977d88c901aeaa16da2d35b9fa2d9c23d13f3fa0df7a84349df3f0f0b
SHA1 hash: 73eb22ed7774172ddb3d7ac0a689f809eeb86957
MD5 hash: 48f052905ecb341dd62327b8a1e5bdfb
humanhash: oven-steak-don-december
File name:SOA.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:422'970 bytes
First seen:2021-06-05 07:23:39 UTC
Last seen:2021-06-07 05:44:42 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:ff2v4TsTlROZOrepUiHVxfTufDtf9wE46MsAzOp:fspROgrMUSjSHwE/lA2
TLSH 20942364B27AB6016DD951BE4B18B0DBFD15B20BC402BC774C95CAACAC226BB4D3D1F1
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""Ms. Joyce Ji"<info@jcwsteel.com>" (likely spoofed)
Received: "from jcwsteel.com (unknown [185.222.58.149]) "
Date: "05 Jun 2021 21:59:26 -0700"
Subject: "=?UTF-8?B?UmU6IHVwZGF0ZWQgU09BIGFzIG9mIHRvZGF5wqA=?="
Attachment: "SOA.zip"

Intelligence

File Origin
# of uploads :
4
# of downloads :
680
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs1292.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/c0a8b6dcd4cb51e501ba848ae44fb8726adc577c607e2f9893bb8708b25d473f
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c0a8b6dcd4cb51e501ba848ae44fb8726adc577c607e2f9893bb8708b25d473f/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-04 14:47:32 UTC
File Type:
Binary (Archive)
Extracted files:
13
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yculnxguzni6kan2qsfoit5yojvnyv34mb7c7getxodqrms5i47q._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210605-e437pajwl2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c0a8b6dcd4cb51e501ba848ae44fb8726adc577c607e2f9893bb8708b25d473f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c0a8b6dcd4cb51e501ba848ae44fb8726adc577c607e2f9893bb8708b25d473f

(this sample)

AgentTesla

Executable exe 7844f8e99c518c7f761279ffb94e60c331c974bf3a0c78fcd3a1d397fceebdd8

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7844f8e99c518c7f761279ffb94e60c331c974bf3a0c78fcd3a1d397fceebdd8
  
Dropping
AgentTesla

Comments