MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbc1a87cf822070c64227c1f2b2485692bc75a4ba7d0f141e6d25e9f264336c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7



SHA256 hash: cbc1a87cf822070c64227c1f2b2485692bc75a4ba7d0f141e6d25e9f264336c2
SHA3-384 hash: 4168bb6923451b07202425111caa397b827e8e1df54572e5deda1d82a75e849f7c1980d731ac1337d23cf2ee9a030abb
SHA1 hash: 1929d760b88f36004ee5a086a00365160e895a77
MD5 hash: f14295060cd9bc5cd0ddc19f7125c6f7
humanhash: avocado-single-edward-indigo
File name: APRIL NEW ORDER 2022.gz
Signature: AgentTesla
File size: 563'312 bytes
First seen: 2022-04-22 06:46:23 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:HKXIaW30QeaggLaNIdB4IZxNpMHUTyHYHV/G3C7CGTYUe/h0E3:H8Wkj6MQnPWHU6YV/e9RZ0Y
TLSH: T19BC4236C1BC61CD8562D28EC73941B95DC5181C8AAEEA48977E5E88FBE7F02D708033D
Reporter: cocaman
Tags: AgentTesla gz


cocaman
Malicious email (T1566.001)
From: "Friday Robot <friday.robert@outreachmedialtd.net>" (likely spoofed)
Received: "from outreachmedialtd.net (unknown [212.192.241.113]) "
Date: "22 Apr 2022 02:24:34 +0200"
Subject: "APRIL PURCHASE ORDER NEW 2022,TREAT AS URGENT"
Attachment: "APRIL NEW ORDER 2022.gz"

Intelligence

File Origin
# of uploads: 1
# of downloads: 184
Origin country: n/a

Vendor Threat Intelligence

Verdict: Suspicious
Threat level: 5/10
Confidence: 75%
Tags: obfuscated packed pos

Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.Agentesla
Status: Malicious
First seen: 2022-04-21 20:13:18 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 41 (39.02%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection keylogger persistence spyware stealer trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Adds Run key to start application
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, gz cbc1a87cf822070c64227c1f2b2485692bc75a4ba7d0f141e6d25e9f264336c2 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
