MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3b1ff9442ab40d22a06806061dd99b370f6ab87c5aeceefc46c340834024319. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3b1ff9442ab40d22a06806061dd99b370f6ab87c5aeceefc46c340834024319
SHA3-384 hash: e4a9302015c37a681f7aa5287f51672a624cbd7b8e2c1971750fbd2328450e2f971393568a98a1e6b11dce77d7912c10
SHA1 hash: de9b0a9ad58341d7bd0bb7552cb127723a6799f5
MD5 hash: e9676de2c97e46b2a85fe7be139844dd
humanhash: gee-harry-timing-wisconsin
File name:AWB#5305323204643.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:487'660 bytes
First seen:2021-05-24 14:15:50 UTC
Last seen:2021-05-24 15:03:34 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:CMAuJICo/bFSVJK2dBmJ2VkuYS5g5xr/v3GciCeqcy:CMARUK2TNV7YBDv2/Jqx
TLSH 78A4239084C5BBF8E29261FB754D8AFB187094CF209CB73C85E7B2835977DE6A060356
Reporter cocaman
Tags:zip


Avatar
cocaman
Malicious email (T1566.001)
From: "FedEx Express<info@znshenesolar.com>" (likely spoofed)
Received: "from znshenesolar.com (unknown [45.35.196.140]) "
Date: "20 May 2021 05:52:59 -0700"
Subject: "FedEx Express AWB#5305323204643 - Information is required"
Attachment: "AWB#5305323204643.zip"

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.747-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/f3b1ff9442ab40d22a06806061dd99b370f6ab87c5aeceefc46c340834024319
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f3b1ff9442ab40d22a06806061dd99b370f6ab87c5aeceefc46c340834024319/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-20 09:49:00 UTC
File Type:
Binary (Archive)
Extracted files:
23
AV detection:
21 of 46 (45.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6oy77fccvnanekqgqbqgdxmzwnypnk4hywxm536enq2aqnacimmq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210524-s3c819efja/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Uses the VBS compiler for execution
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f3b1ff9442ab40d22a06806061dd99b370f6ab87c5aeceefc46c340834024319

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f3b1ff9442ab40d22a06806061dd99b370f6ab87c5aeceefc46c340834024319

(this sample)

AgentTesla

Executable exe 4db148b755b23786d900184cbaa5a8c84943b34270186638aaf29933a2b1b6ed

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4db148b755b23786d900184cbaa5a8c84943b34270186638aaf29933a2b1b6ed

Comments