MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee05a81d7e454e912e13f570056510e3cbcbd5be08d1a0203d9cd276bed3ca7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee05a81d7e454e912e13f570056510e3cbcbd5be08d1a0203d9cd276bed3ca7c
SHA3-384 hash: d8c0df28b820d888930869a14a495f019a47479f106b0cdd8e9b9899c2d4c16f4fce5e536bf222f004ad28fa6113c2c0
SHA1 hash: 0333e7b3e2198bb9e1119f7f61b9e4f72b6198f3
MD5 hash: c32b7b027f9945b15365b1b363f9c489
humanhash: robert-comet-delta-thirteen
File name:ATTACHED LIST _AMC.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:512'120 bytes
First seen:2021-05-28 05:53:33 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:iwVk0m7uiK+XNnk+tunLfJAkyuS5ggTeHET8Gp8YLmsaquV/cymnijjvM8zKTYxB:iwO0m0+9kbCMOTeH488aJwht01IFIUZS
TLSH D0B423516B0F89E3188B2B7D416B38E9BBF74FEF023440B0AD58949492421BEEB35775
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Rama N. Devadiga <kuwait@wajdagroup.com>" (likely spoofed)
Received: "from wajdagroup.com (unknown [194.49.78.221]) "
Date: "28 May 2021 00:05:50 +0200"
Subject: "DRAFT DOCUMENTS"
Attachment: "ATTACHED LIST _AMC.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.763-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/ee05a81d7e454e912e13f570056510e3cbcbd5be08d1a0203d9cd276bed3ca7c
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee05a81d7e454e912e13f570056510e3cbcbd5be08d1a0203d9cd276bed3ca7c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-28 01:13:15 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
15 of 46 (32.61%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5yc2qhl6ivhjclqt6vyakziq4pf4xvn6bdi2aib5ttjhnpwtzj6a._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210528-mm22p1qq56/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ee05a81d7e454e912e13f570056510e3cbcbd5be08d1a0203d9cd276bed3ca7c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ee05a81d7e454e912e13f570056510e3cbcbd5be08d1a0203d9cd276bed3ca7c

(this sample)

AgentTesla

Executable exe d3ed59aa66458ead040f4d4b8e0df0e90b5ed1301102b9913516317feca3fbaf

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d3ed59aa66458ead040f4d4b8e0df0e90b5ed1301102b9913516317feca3fbaf

Comments