MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfec57dd6d062eca98ceef918b683107293b334b2ebf03b90679d39fb6d35fd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dfec57dd6d062eca98ceef918b683107293b334b2ebf03b90679d39fb6d35fd5
SHA3-384 hash: 7a4fe280fae02563ebc155c7c4c1092267b4df15db07d8b6803b883b1cbb39257b0bb3938e3b1cbd00282d3d267c9864
SHA1 hash: bc3f10df960bf7ce33ff1174b791e01aeb3518b7
MD5 hash: 5c87cba4d351f3e848f384faddd5a0e6
humanhash: early-yellow-failed-tennis
File name:RFQ.pdf.ra.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:649'379 bytes
First seen:2022-05-18 06:57:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:dvF2fYB20DTqvVjg7FjFw+4JurLdOk9QHlN84eLIizOKt3x+kqbjBxLJt4b:dvF2fYcpvVjCjKTJoBOoKeLB33x/yzLM
TLSH T15AD4235D9D8AE142CCFAE527148A2E29C3FFBCBE207B70551C3F264A07C604D7E96529
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:AgentTesla QUOTATION rar RFQ


Avatar
cocaman
Malicious email (T1566.001)
From: ""Naza N . Syawesh" <nsyawesh@huntoil.com>" (likely spoofed)
Received: "from ns1.unique.net.np (unknown [103.207.80.10]) "
Date: "Tue, 17 May 2022 20:52:02 +0100"
Subject: "REQUEST FOR QUOTATION"
Attachment: "RFQ.pdf.ra.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
223
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe obfuscated packed replace.exe
Link:
https://www.filescan.io/uploads/62849915bc516cf66c2b6724/reports/a0cd4e32-1c2a-4c8f-9742-3e20b0145544/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dfec57dd6d062eca98ceef918b683107293b334b2ebf03b90679d39fb6d35fd5/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-05-18 06:58:07 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=37wfpxlnayxmvggo56iyw2bra4utwm2lf27qhoigphjz7nwtl7kq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220518-hrgppaefe8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Malware Config
C2 Extraction:
https://api.telegram.org/bot5103498087:AAHtCnRhXia4kNJ2ZnWDIP045u7xpNlTnYM/sendDocument
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dfec57dd6d062eca98ceef918b683107293b334b2ebf03b90679d39fb6d35fd5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar dfec57dd6d062eca98ceef918b683107293b334b2ebf03b90679d39fb6d35fd5

(this sample)

AgentTesla

Executable exe b0bbd1bf8657c5c7f69e100d7d7127ebe73528730e8e74f277b21c43ce7a4aa5

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b0bbd1bf8657c5c7f69e100d7d7127ebe73528730e8e74f277b21c43ce7a4aa5
  
Dropping
MD5 7b2433d2ca33c95587e325245402ffc2

Comments