MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2a9e5fd925d49872bb2412d446d162dd47673f1f94998589d1a663d28419e67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2a9e5fd925d49872bb2412d446d162dd47673f1f94998589d1a663d28419e67
SHA3-384 hash: 98a45709a0b072e0b94a9232dd57d2e6a9061f0374f984cc269919929f1af9a67aebcaf01fb68c22b2d43401cff7ec17
SHA1 hash: 303b055e7d7fd4548cd69af352e56ebbfb6f0893
MD5 hash: ef2cd714ea2dcba7814ca37c5fb583f0
humanhash: illinois-uniform-friend-four
File name:Payment Slip.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:542'891 bytes
First seen:2021-07-27 06:04:26 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:vXgene0jEw6lJhPEY3OkqplPI5w7x+DA/ZjK18Fw9:vlbjbehPEY6pxI5mxwAhjzw
TLSH T10DB4233844E1AF44796F9E6E413BF5A6D7D8501728BEDA438FC20F8C9E67C258950DC8
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "afnan@bayarek.com" (likely spoofed)
Received: "from mx1.dreamhost.com (unknown [185.222.57.156]) "
Date: "27 Jul 2021 01:05:07 +0200"
Subject: "RE: Payment confirmation"
Attachment: "Payment Slip.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-27 01:04:46 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
6 of 46 (13.04%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ku6l7mslveyok5siewui3iwfxkhm47r7fezqwe5djtd2kcbtztq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210727-5ldv6xqxan/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
CustAttr .NET packer
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d2a9e5fd925d49872bb2412d446d162dd47673f1f94998589d1a663d28419e67

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d2a9e5fd925d49872bb2412d446d162dd47673f1f94998589d1a663d28419e67

(this sample)

AgentTesla

Executable exe 93709182d579b433aa5f5fe1e4eeba4de3b5e497f78a5ef34d35bcd981f49f15

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 93709182d579b433aa5f5fe1e4eeba4de3b5e497f78a5ef34d35bcd981f49f15

Comments