MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0719bbf5be020fbb89149911a13bf7f341bff311d4fc3c11a3a60d30adaab3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0719bbf5be020fbb89149911a13bf7f341bff311d4fc3c11a3a60d30adaab3f
SHA3-384 hash: 609b3c546360e4e282f4298c793d3ff2e28776b4a6d2c3bfb563d490cd37ee22287c6e41c4f9bcb7d51c5b86b9299e75
SHA1 hash: 8fa22e438e844e3c1ce5aef2fd8f848b958b8f82
MD5 hash: a59bd068a03dd7c373beedbab0178652
humanhash: stream-east-pluto-sweet
File name:urgent request fro quotation CONO GROUP LLC DK983746GT.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:588'169 bytes
First seen:2021-05-10 10:57:43 UTC
Last seen:2021-05-10 12:02:31 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:X0f8CSsYPV8wNdzCA+2CQ4WgdG84lFBS8zdpLKOe:E/9YZdzUTnvmJzXLxe
TLSH 58C423DB475CEC4E901E5721A51B8C799FA3A8B6D3E6037592BDB002C42CA377EBC406
Reporter cocaman
Tags:rar


Avatar
cocaman
Malicious email (T1566.001)
From: "<sales@cono.uk>" (likely spoofed)
Received: "from box.cono.uk (box.cono.uk [51.79.250.154]) "
Date: "Mon, 10 May 2021 03:03:09 -0700"
Subject: "CONO QUOTE REQUEST"
Attachment: "urgent request fro quotation CONO GROUP LLC DK983746GT.rar"

Intelligence

File Origin
# of uploads :
4
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e0719bbf5be020fbb89149911a13bf7f341bff311d4fc3c11a3a60d30adaab3f/
Threat name:
ByteCode-MSIL.Infostealer.Coins
Create hunting rule
Status:
Malicious
First seen:
2021-05-10 09:04:03 UTC
File Type:
Binary (Archive)
Extracted files:
103
AV detection:
18 of 47 (38.30%)
Threat level:
  5/5
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210510-9s187jxs5a/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e0719bbf5be020fbb89149911a13bf7f341bff311d4fc3c11a3a60d30adaab3f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar e0719bbf5be020fbb89149911a13bf7f341bff311d4fc3c11a3a60d30adaab3f

(this sample)

AgentTesla

Executable exe 0daf489ca1617986915a80c73dd00c81ba6d72854ddc415c495f5c907b640c7b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0daf489ca1617986915a80c73dd00c81ba6d72854ddc415c495f5c907b640c7b

Comments