MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfc67f0a38726e534f32b73acfd190886d7eedc4e9853dbd351e4bd296593266. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cfc67f0a38726e534f32b73acfd190886d7eedc4e9853dbd351e4bd296593266
SHA3-384 hash: 3650b5d650a7859df000ca3e3175644ad07828d7776693ded24c36dbb34c10581fabea2536ca73cd357de0c0be06bbbf
SHA1 hash: 7af7c8d5b6aba3e0618d1a1aab03fda14c6fbec4
MD5 hash: 2b8bd67d831fa6ef103181d6aeb67117
humanhash: asparagus-winner-summer-cold
File name:ROZ MARINE - OUTSENDING.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:305'542 bytes
First seen:2021-05-26 12:41:37 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:4c7TcPfeZt6i2M3RNhQB1tiKWpVE7ciB69FGM0a6AqOaAFSILQ:4ABoDOThQB1bWLEQw69sMWA3ncILQ
TLSH 6754235A8D63A3F6E0A0DD7A32C0BF84ADB352116D1D38AE51DF03E88C97F44515CE6A
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: ""Ilyas YILDIRIM" <ilyas@besiktasmarine.com>" (likely spoofed)
Received: "from hp0.226.cxvbnix.cf (hp0.226.cxvbnix.cf [134.209.120.202]) "
Date: "Wed, 26 May 2021 00:17:14 -0700"
Subject: "CURRENT SOA // BESIKTAS MARINE"
Attachment: "ROZ MARINE - OUTSENDING.pdf.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27281.GZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cfc67f0a38726e534f32b73acfd190886d7eedc4e9853dbd351e4bd296593266/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-26 06:46:24 UTC
File Type:
Binary (Archive)
Extracted files:
43
AV detection:
8 of 47 (17.02%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z7dh6cryojxfgtzsw45m7umqrbwx53oe5gct3pjvdzf5ffszgjta._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210526-4n3qnrccnj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Executes dropped EXE
AgentTesla Payload
Nirsoft
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cfc67f0a38726e534f32b73acfd190886d7eedc4e9853dbd351e4bd296593266

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz cfc67f0a38726e534f32b73acfd190886d7eedc4e9853dbd351e4bd296593266

(this sample)

AgentTesla

Executable exe d380b2b195438594810d722c0bae32ec23ae83382750b778f2caf54d90b69734

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d380b2b195438594810d722c0bae32ec23ae83382750b778f2caf54d90b69734
  
Dropping
AgentTesla

Comments