MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdda39234335b5d156fd30172163a85e498e012eb4ce29cc04e8194fb59e5292. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	cdda39234335b5d156fd30172163a85e498e012eb4ce29cc04e8194fb59e5292
SHA3-384 hash:	9469b965b7c6896f33e6c19f246f40399aee7a3d423830c2201c3503b57b76e4888920b60df83a102b04cb2db2304852
SHA1 hash:	c1b91849301366fbb1eab77e60650a3ed7671a13
MD5 hash:	cb235508b83d4e652cb7257316a6497d
humanhash:	carbon-east-lemon-fruit
File name:	Swift Copy 003481.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	433'166 bytes
First seen:	2022-04-16 07:33:49 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:YnjLv5kLsLOK06Zp+ECqKPQKDt+5xp8xkbvpuEk1CnLp2Vr1PQ5qQFgYfiSPFw4t:Yn3vnp3+0/KDKxdwd1Oot5QFgoPFX
TLSH	T17494231A014EE8CFBA96CF1088D3052F1D0A4A1D1E3B5E9F066474BB446EBC7AFA5735
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	cocaman
Tags:	AgentTesla payment SWIFT zip

Intelligence

File Origin

# of uploads :

# of downloads :

457

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Zip_fn112.UNOFFICIAL

SecuriteInfo.com.Malware.AI.3775843069.3348.19144.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

obfuscated packed wacatac

Link:

https://www.filescan.io/uploads/625a716bffe27d5119e4382d/reports/ef30356b-0486-4ae6-9f80-17aa910efa66/overview

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/cdda39234335b5d156fd30172163a85e498e012eb4ce29cc04e8194fb59e5292

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cdda39234335b5d156fd30172163a85e498e012eb4ce29cc04e8194fb59e5292/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2022-04-15 11:13:05 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

22 of 42 (52.38%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zxndsi2dgw25cvx5galscy5ilzey4ajowthcttae5amu7nm6kkja._file

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla collection keylogger spyware stealer trojan

Link:

https://tria.ge/reports/220416-jd4sqsgch7/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Enumerates physical storage devices

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Checks computer location settings

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cdda39234335b5d156fd30172163a85e498e012eb4ce29cc04e8194fb59e5292

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip cdda39234335b5d156fd30172163a85e498e012eb4ce29cc04e8194fb59e5292

(this sample)

AgentTesla

exe 9dafff7f1bfcf6961bab39f3244f263450b5d4807d5757bbfce4179b1d5c0eb2

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 9dafff7f1bfcf6961bab39f3244f263450b5d4807d5757bbfce4179b1d5c0eb2

Dropping

AgentTesla

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample