MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc992abf02bd8105de8686d4bbbbfe5d5394b4c23ee318ad243ab19e2c88f53c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc992abf02bd8105de8686d4bbbbfe5d5394b4c23ee318ad243ab19e2c88f53c
SHA3-384 hash: d8246b1e0aca00eb65e732ac988897c6121078ca0894ad380417f5ebbe5b5f459d68f4924827bfb1a0f24088d2293766
SHA1 hash: 96cc8a3dc5226d85fe844fb95337200372fc9664
MD5 hash: 0be836bf6b05820c68b99064f718c87f
humanhash: xray-oven-tango-helium
File name:RFQ DETAILS#11-19.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:423'621 bytes
First seen:2022-01-17 06:44:38 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Ow5V3vsIIX+0cx4dmQrDn1T1MAJanGY9/Dwclpq:3fsIIs4dmQXnddAnGY9/6
TLSH T186942323A11AB76B2E5D40E2E384A484D48D5D7CEA56F59F0A5B3F4CD440FF928BC1A3
Reporter cocaman
Tags:cab rar


Avatar
cocaman
Malicious email (T1566.001)
From: "RIS Office | Annex <efae@fibertel.com.ar>" (likely spoofed)
Received: "from eticodns10.com (ns.eticodns10.com [195.182.210.170]) "
Date: "Sun, 16 Jan 2022 13:57:16 -0800"
Subject: "New Booking for 19-01"
Attachment: "RFQ DETAILS#11-19.cab"

Intelligence

File Origin
# of uploads :
1
# of downloads :
198
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/61e51070f81da814af883785/reports/2f0ac9a7-0af6-4761-a686-05b587ca0d1c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc992abf02bd8105de8686d4bbbbfe5d5394b4c23ee318ad243ab19e2c88f53c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-01-17 06:45:09 UTC
File Type:
Binary (Archive)
Extracted files:
55
AV detection:
14 of 43 (32.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zsmsvpycxwaqlxugq3klxo76lvjzjngch3rrrljehkyz4lei6u6a._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220117-hh37bshbbp/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cc992abf02bd8105de8686d4bbbbfe5d5394b4c23ee318ad243ab19e2c88f53c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar cc992abf02bd8105de8686d4bbbbfe5d5394b4c23ee318ad243ab19e2c88f53c

(this sample)

AgentTesla

Executable exe 3102634fd4e9f1c32a4917eaaf9b29e1698a87afcd9798a042fff7bd2d726f46

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3102634fd4e9f1c32a4917eaaf9b29e1698a87afcd9798a042fff7bd2d726f46

Comments