MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8bd5cafdfa9c01d0ad20e70603f2b82b65de4c44c837ebe2fff55b25b822d6f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 6



SHA256 hash: c8bd5cafdfa9c01d0ad20e70603f2b82b65de4c44c837ebe2fff55b25b822d6f
SHA3-384 hash: 77a746bb85a4848cdfe06a9582167548696d14911f93f1183988dd56abbf6705a380e205ba1a0a58500a44d56068bf96
SHA1 hash: 4c5738c84ebae1bcbe69ca4425354a4168ec4df6
MD5 hash: c231d13ccb8d273676c58c3d5466b3d0
humanhash: crazy-friend-shade-paris
File name: BANK DETAILS.r15
Signature: AgentTesla
File size: 694'323 bytes
First seen: 2021-07-13 09:13:57 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:41k4hM2Hsq/qZVDD3oiOkhBNj3vb3yoA00Y/Om0QEMcNAB7:ghMFSqZVDD3ofkhBBb33ZL/O/Q5cKB7
TLSH: T1D7E433208BAE71D5EAA31349D13C08DF862679DB9DA88CC5FC930BCC96C0D1E9FE5549
Reporter: cocaman
Tags: r15 rar
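The digests above are what a downloaded copy should be checked against before anything else is done with it. The script below is an added example, not MalwareBazaar tooling: it hashes a file once with every hashlib-backed algorithm the entry lists (SHA256, SHA3-384, SHA1, MD5; ssdeep and TLSH need separate libraries and are not covered) and reports every digest or size that differs. The `ENTRY_DIGESTS` and `ENTRY_SIZE` values are copied from this entry; the function names are the example's own.

```python
import hashlib
import os

# Digests and size as listed in this MalwareBazaar entry.
ENTRY_DIGESTS = {
    "sha256": "c8bd5cafdfa9c01d0ad20e70603f2b82b65de4c44c837ebe2fff55b25b822d6f",
    "sha3_384": ("77a746bb85a4848cdfe06a9582167548696d14911f93f1183988dd56abbf6705"
                 "a380e205ba1a0a58500a44d56068bf96"),
    "sha1": "4c5738c84ebae1bcbe69ca4425354a4168ec4df6",
    "md5": "c231d13ccb8d273676c58c3d5466b3d0",
}
ENTRY_SIZE = 694323


def digest_set(chunks, algorithms=tuple(ENTRY_DIGESTS)):
    """Hash a stream of byte chunks with every algorithm in one pass.
    ssdeep and TLSH, which the entry also lists, are not in hashlib and are
    not computed here."""
    hashes = {alg: hashlib.new(alg) for alg in algorithms}
    for chunk in chunks:
        for h in hashes.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashes.items()}


def mismatches(actual, expected):
    """Return {algorithm: (expected, actual)} for each digest that differs.
    An empty dict means every listed digest matched (comparison is case-insensitive)."""
    return {alg: (exp.lower(), actual[alg]) for alg, exp in expected.items()
            if actual[alg] != exp.lower()}


def verify_bytes(data, expected=ENTRY_DIGESTS, size=None):
    """Verify an in-memory blob. When size is given, a length mismatch is
    reported under the key "size" so a truncated download is spotted directly."""
    result = mismatches(digest_set([data], tuple(expected)), expected)
    if size is not None and len(data) != size:
        result["size"] = (size, len(data))
    return result


def verify_file(path, expected=ENTRY_DIGESTS, size=ENTRY_SIZE):
    """Verify a file on disk without reading it whole. MalwareBazaar serves
    samples inside a password-protected zip; run this on the extracted file."""
    with open(path, "rb") as f:
        actual = digest_set(iter(lambda: f.read(1 << 20), b""), tuple(expected))
    result = mismatches(actual, expected)
    if size is not None and os.path.getsize(path) != size:
        result["size"] = (size, os.path.getsize(path))
    return result


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        bad = verify_file(path)
        print(path, "OK" if not bad else f"MISMATCH {bad}")
```

Run it as `python verify.py "BANK DETAILS.r15"` on the extracted sample; anything other than `OK` means the file on disk is not the one this entry describes.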


cocaman
Malicious email (T1566.001)
From: "operacioneslog@dobleasa.com.ar" (likely spoofed)
Received: "from dobleasa.com.ar (unknown [185.222.57.156]) "
Date: "13 Jul 2021 10:29:50 +0200"
Subject: "PAYMENT INSTRUCTIONSoperacioneslog@dobleasa.com.ar"
Attachment: "BANK DETAILS.r15"
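Two things in the reporter's comment are worth turning into a check: the attachment is a RAR archive named with a multi-volume extension (`.r15`), and the connecting host announced the sender's own domain while reverse DNS came back `unknown`. The script below is an added example, not the reporter's or MalwareBazaar's code. It identifies RAR attachments by magic bytes rather than file name, flags `.rNN` / `.partN.rar` names, and applies simple header heuristics. The headers and attachment name are reproduced from the comment above; the attachment bytes, the regular expressions and the lure-word list are constructed for the example and labelled as such in the code.

```python
import re

# Constructed reproduction of the header fields and attachment name quoted in the
# reporter's comment. The attachment bytes are NOT the real sample: just a RAR 4.x
# signature followed by filler, enough for the magic check to fire.
SAMPLE_HEADERS = {
    "From": '"operacioneslog@dobleasa.com.ar"',
    "Received": "from dobleasa.com.ar (unknown [185.222.57.156]) ",
    "Subject": "PAYMENT INSTRUCTIONSoperacioneslog@dobleasa.com.ar",
}
SAMPLE_ATTACHMENT = ("BANK DETAILS.r15", b"Rar!\x1a\x07\x00" + b"\x00" * 32)

# RAR container signatures (RAR 4.x and RAR 5.x).
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
# WinRAR opens .r00-.r99 and .partN.rar as volumes of a split archive, so to the
# recipient "BANK DETAILS.r15" is simply a RAR file, whatever a gateway that only
# knows ".rar" makes of it.
MULTIVOLUME_RE = re.compile(r"\.(r\d\d|part\d+\.rar)$", re.IGNORECASE)
PLAIN_RAR_RE = re.compile(r"\.rar$", re.IGNORECASE)
# "from <HELO name> (<reverse DNS or 'unknown'> [<ip>])" as Postfix-style MTAs write it.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")
ADDR_RE = re.compile(r"[\w.+-]+@([\w.-]+)")
# Hypothetical lure-word list, not from the page.
LURE_WORDS = ("payment", "bank", "invoice", "remittance", "swift")


def rar_version(data):
    """4 or 5 for a RAR container, None otherwise (decided by magic, not name)."""
    if data.startswith(RAR5_MAGIC):
        return 5
    if data.startswith(RAR4_MAGIC):
        return 4
    return None


def attachment_findings(name, data):
    findings = []
    ver = rar_version(data)
    if ver is None:
        return findings
    findings.append(f"rar{ver}-container")
    if MULTIVOLUME_RE.search(name):
        findings.append("rar-multivolume-extension")
    elif not PLAIN_RAR_RE.search(name):
        findings.append("rar-extension-mismatch")
    return findings


def header_findings(headers):
    """Heuristics only: prefer Authentication-Results (SPF/DKIM/DMARC) when the
    receiving MTA adds them."""
    findings = []
    m = ADDR_RE.search(headers.get("From", ""))
    from_domain = m.group(1).lower() if m else None
    r = RECEIVED_RE.search(headers.get("Received", ""))
    if r:
        helo, rdns, ip = r.group(1).lower(), r.group(2).lower(), r.group(3)
        if rdns == "unknown":
            findings.append(f"no-rdns:{ip}")
        # The connecting host announced the sender's own domain in HELO, but
        # reverse DNS does not place it there: consistent with a spoofed sender.
        if from_domain and helo == from_domain and not (
                rdns == from_domain or rdns.endswith("." + from_domain)):
            findings.append(f"helo-claims-from-domain-unverified:{helo}")
    subject = headers.get("Subject", "").lower()
    if any(w in subject for w in LURE_WORDS):
        findings.append("financial-lure-subject")
    return findings


def triage(headers, attachments):
    """Combine header and attachment findings for one message."""
    findings = header_findings(headers)
    for name, data in attachments:
        findings += [f"{name}:{f}" for f in attachment_findings(name, data)]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HEADERS, [SAMPLE_ATTACHMENT]):
        print(f)
```

The magic check is the part that matters: a gateway rule keyed on `.rar` misses `.r15`, while a rule keyed on the `Rar!` signature catches every name WinRAR will open.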

Intelligence

File Origin
# of uploads: 1
# of downloads: 111
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-07-13 09:14:13 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 18 of 46 (39.13%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Contains code to disable Windows Defender

Please note that we are no longer able to provide a coverage score for Virus Total.
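Of the behaviours listed above, "Adds Run key to start application" is the one most directly visible in endpoint telemetry. The script below is an added example, not vendor sandbox output: it runs over constructed Sysmon-style Event ID 13 (registry SetValue) lines and raises an alert for every write under a `CurrentVersion\Run` or `RunOnce` key, rating it high when the registered path or the writing process sits in a user-writable location, or when a process registers itself. The sample events, the user-writable path list and the severity rule are all assumptions made for the example, not facts from this entry.

```python
import re

# Constructed Sysmon-style Event ID 13 (RegistryEvent: SetValue) records in the
# key="value" form many log pipelines emit. Illustrative only; not from the sample.
SAMPLE_EVENTS = [
    'EventID=13 Image="C:\\Users\\alice\\AppData\\Roaming\\svchost32.exe" '
    'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32" '
    'Details="C:\\Users\\alice\\AppData\\Roaming\\svchost32.exe"',
    'EventID=13 Image="C:\\Program Files\\Vendor\\setup.exe" '
    'TargetObject="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdater" '
    'Details="C:\\Program Files\\Vendor\\updater.exe"',
    'EventID=13 Image="C:\\Windows\\explorer.exe" '
    'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden" '
    'Details="DWORD (0x00000001)"',
]

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Locations an unprivileged user can write to; a Run value pointing here is the
# usual user-level persistence pattern. Hypothetical list, extend for your estate.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)


def parse_event(line):
    """Split one key="value" / key=value line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def classify_run_key_event(event):
    """Return an alert dict for a Run/RunOnce value write, else None."""
    if event.get("EventID") != "13":
        return None
    target = event.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    image = event.get("Image", "")
    value = event.get("Details", "")
    reasons = []
    if USER_WRITABLE_RE.search(value):
        reasons.append("value-in-user-writable-path")
    if USER_WRITABLE_RE.search(image):
        reasons.append("writer-in-user-writable-path")
    if image and image.lower() == value.lower():
        reasons.append("self-registration")
    return {"key": target, "image": image, "value": value,
            "severity": "high" if reasons else "low", "reasons": reasons}


def detect_run_key_persistence(lines):
    """Run the classifier over raw log lines and collect the alerts."""
    alerts = []
    for line in lines:
        alert = classify_run_key_event(parse_event(line))
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect_run_key_persistence(SAMPLE_EVENTS):
        print(a["severity"].upper(), a["key"], "->", a["value"], a["reasons"])
```

The low-severity hit on the installer is deliberate: legitimate software registers Run values too, so the key alone is context, and the user-writable path and self-registration checks are what separate the AgentTesla-style case from it.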

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    rar c8bd5cafdfa9c01d0ad20e70603f2b82b65de4c44c837ebe2fff55b25b822d6f (this sample)

Delivery method: Distributed via e-mail attachment

Comments