MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7b22af7957f4b6450d4469db89818518d393ac79a05e74ae702b0b5454cc236. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Signature: AgentTesla
Vendor detections: 6



SHA256 hash: c7b22af7957f4b6450d4469db89818518d393ac79a05e74ae702b0b5454cc236
SHA3-384 hash: cf70e93f2567dbc52225e0530fea3cc5461a7683d698a66c934371d7ed6a8f92ec131c4bc859cf3132e589d80e59c39e
SHA1 hash: e8e199dedcee6d5ab1523cdb8daeb226130176e4
MD5 hash: 910f05cbb5ba70f6ab379e2a5e39f72b
humanhash: july-early-lithium-butter
File name: DEBIT NOTE.rar
Download: download sample
Signature: AgentTesla
File size: 460'968 bytes
First seen: 2022-01-18 08:15:59 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:iN3IQa2/+lmvW+UCxG0uFt7rEWd9QvmPQ0/gowXEb2YOypMfj:iN3IE/+l2WFCtunrEWd+YQ0/9wX1yC
TLSH: T1EBA423DDADD54BCB480C3E4600E6520D4DA439BA8F8FD16211DD93F04F4AB1A8CAA9E7
Reporter: cocaman
Tags: AgentTesla rar
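Before analysing a downloaded copy, confirm it is the file this entry describes. The following Python is an added example, not MalwareBazaar's own tooling: it recomputes the MD5, SHA1, SHA256 and SHA3-384 digests listed above with the standard library, checks the byte length, and checks for the RAR signature that the listed MIME type implies. The ssdeep and TLSH values are not recomputed because they need third-party libraries. The `verify_file` path argument and the stand-in bytes used in the demo are assumptions; the stand-in is constructed and deliberately does not match the record, so the run shows what a mismatch report looks like.

```python
import hashlib

# Reference values copied from the MalwareBazaar entry above.
RECORD = {
    "md5": "910f05cbb5ba70f6ab379e2a5e39f72b",
    "sha1": "e8e199dedcee6d5ab1523cdb8daeb226130176e4",
    "sha256": "c7b22af7957f4b6450d4469db89818518d393ac79a05e74ae702b0b5454cc236",
    "sha3_384": "cf70e93f2567dbc52225e0530fea3cc5461a7683d698a66c934371d7ed6a8f92"
                "ec131c4bc859cf3132e589d80e59c39e",
    "size": 460968,
}

# RAR 4.x and RAR 5 file signatures.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def compute_hashes(data: bytes) -> dict:
    """Compute the same digests the entry lists, plus the byte length."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "size": len(data),
    }


def is_rar(data: bytes) -> bool:
    """True if the bytes start with a RAR 4 or RAR 5 signature."""
    return data.startswith(RAR4_MAGIC) or data.startswith(RAR5_MAGIC)


def verify_sample(data: bytes, record: dict) -> dict:
    """Compare bytes against a record; return {field: (expected, actual)} for every mismatch."""
    actual = compute_hashes(data)
    mismatches = {}
    for field, expected in record.items():
        got = actual[field]
        if isinstance(expected, str):
            expected, got = expected.lower(), got.lower()
        if got != expected:
            mismatches[field] = (expected, got)
    return mismatches


def verify_file(path: str, record: dict = RECORD) -> dict:
    """Read a downloaded file (path is an assumption) and verify it against the record."""
    with open(path, "rb") as f:
        data = f.read()
    return {"is_rar": is_rar(data), "mismatches": verify_sample(data, record)}


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 2:
        print(verify_file(sys.argv[1]))
    else:
        # Constructed stand-in, not the real sample: every field should mismatch.
        fake = RAR4_MAGIC + b"constructed stand-in bytes, not the sample\n"
        print("is_rar:", is_rar(fake))
        for field, (exp, got) in verify_sample(fake, RECORD).items():
            print(f"{field}: expected {exp}, got {got}")
```

Run it with the path of the downloaded archive as the only argument; an empty `mismatches` dict together with `is_rar: True` means the file is the one this entry records. A SHA256 match alone is sufficient for identity; the other digests are only recomputed because the entry lists them and older tooling may still key on MD5 or SHA1.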


cocaman
Malicious email (T1566.001)
From: "davidwong@qts-group.com" (likely spoofed)
Received: "from qts-group.com (unknown [103.89.88.177]) "
Date: "18 Jan 2022 00:12:22 -0800"
Subject: "REPORT AND DEBIT NOTE"
Attachment: "DEBIT NOTE.rar"
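The reporter's note above marks the sender as likely spoofed: the connecting host announced itself as qts-group.com, but the receiving server recorded no reverse DNS for 103.89.88.177 ("unknown"). The following Python is an added example, not the reporter's or MalwareBazaar's code, of a triage heuristic applied to the quoted header lines, reassembled here into a constructed header block (the original message is not on the page). The archive-extension list and the `Authentication-Results` check are assumptions of the example; a real verdict needs the SPF, DKIM and DMARC results that the quoted lines do not include.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Attachment extensions treated as archives (assumption for this example).
ARCHIVE_EXTS = {".rar", ".zip", ".7z", ".iso", ".img", ".ace", ".gz"}

# Matches "from <helo> (<rdns> [<ip>])" as written by common MTAs;
# an rdns of "unknown" means the receiving server found no PTR record.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
)

# Constructed header block built from the lines the reporter quoted.
SAMPLE_HEADERS = (
    "Received: from qts-group.com (unknown [103.89.88.177])\n"
    'From: "davidwong@qts-group.com" <davidwong@qts-group.com>\n'
    "Date: 18 Jan 2022 00:12:22 -0800\n"
    "Subject: REPORT AND DEBIT NOTE\n"
    "\n"
)


def parse_headers(raw: str):
    """Return (message, From domain, parsed Received hops in header order)."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    from_domain = from_addr.rpartition("@")[2].lower()
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append(m.groupdict())
    return msg, from_domain, hops


def same_org(name: str, domain: str) -> bool:
    """True if name is the domain itself or a host under it."""
    return name == domain or name.endswith("." + domain)


def assess(raw: str, attachments) -> list:
    """Return human-readable findings; an empty list means nothing suspicious was seen."""
    msg, from_domain, hops = parse_headers(raw)
    findings = []
    if hops and from_domain:
        # Each MTA prepends its Received header, so the last one is the
        # earliest hop: the connection made by the sending system itself.
        first = hops[-1]
        helo = first["helo"].lower()
        rdns = (first["rdns"] or "").lower()
        if same_org(helo, from_domain):
            if rdns in ("", "unknown"):
                findings.append(
                    f"HELO claims {helo} but {first['ip']} has no reverse DNS: "
                    "sender identity unverified"
                )
            elif not same_org(rdns, from_domain):
                findings.append(f"HELO claims {helo} but reverse DNS is {rdns}")
    if msg.get("Authentication-Results") is None:
        findings.append("no Authentication-Results header: SPF/DKIM/DMARC outcome unknown")
    for name in attachments:
        ext = "." + name.rsplit(".", 1)[1].lower() if "." in name else ""
        if ext in ARCHIVE_EXTS:
            findings.append(f"archive attachment {name!r} from an unverified sender")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_HEADERS, ["DEBIT NOTE.rar"]):
        print("-", finding)
```

The heuristic deliberately keys on the earliest hop only: later Received lines are added by relays you trust, and a HELO name that claims the sender's own domain while the connecting IP has no forward-confirmed reverse DNS is the pattern visible in the quoted line. It is a triage signal, not proof of spoofing; the authoritative checks are the SPF, DKIM and DMARC verdicts your own gateway records.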

Intelligence


File Origin
# of uploads: 1
# of downloads: 192
Origin country: n/a

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: control.exe obfuscated packed

Result
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-01-18 08:16:11 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 14 of 26 (53.85%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection keylogger persistence spyware stealer trojan
Behaviour:
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: rar c7b22af7957f4b6450d4469db89818518d393ac79a05e74ae702b0b5454cc236 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments