MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee2c6184885c7b065c3dda4749d25364d672159a97323f72a707f03e855c8a90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee2c6184885c7b065c3dda4749d25364d672159a97323f72a707f03e855c8a90
SHA3-384 hash: a36176ed7048b8ee140e447fdc9a10d984848326cfdaec383919f2a1a91baa683c460e649644b03ee0a21a7bbee1c87c
SHA1 hash: a7fc2a1828d5c31c3293e901a925a0bccd4282b0
MD5 hash: d389b709f84435bbf54ddf204620da56
humanhash: missouri-friend-seventeen-pasta
File name:Payment slip.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:549'314 bytes
First seen:2021-04-20 08:58:08 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:zET4oNIFAT9q/pSV7ytVBXthsbpkbS4kA5+nglfjSAk+zeD43I1:zE8oNrh4SV2zds9khpoF+zeU34
TLSH 7CC4238468BE0606FC680F99D726C266FE8431C9A8BBC7844FFD62D490E727D81957D1
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""Michelle Tang" <michelle@jchorizonltd.com>" (likely spoofed)
Received: "from postfix-inbound-1.inbound.mailchannels.net (inbound-egress-6.mailchannels.net [199.10.31.238]) "
Date: "20 Apr 2021 10:16:53 +0200"
Subject: "Wire Payment $35,276.70 "
Attachment: "Payment slip.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs435.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.21665.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/ee2c6184885c7b065c3dda4749d25364d672159a97323f72a707f03e855c8a90
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee2c6184885c7b065c3dda4749d25364d672159a97323f72a707f03e855c8a90/
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ywgdbeilr5qmxb53jdutustmtlhefm2s4zd64vha7yd5bk4rkia._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210420-gbhqblclje/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ee2c6184885c7b065c3dda4749d25364d672159a97323f72a707f03e855c8a90

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ee2c6184885c7b065c3dda4749d25364d672159a97323f72a707f03e855c8a90

(this sample)

AgentTesla

Executable exe dadfcbf2bb1e7a6e7f4241f480d0dc9107587575fe2167dd82507c28ed3c4296

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dadfcbf2bb1e7a6e7f4241f480d0dc9107587575fe2167dd82507c28ed3c4296

Comments