MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f577ded45d4a39fbd7b63b5ebb3029ef7d3eb6af5aa7daa34a5b4b6124ca809c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f577ded45d4a39fbd7b63b5ebb3029ef7d3eb6af5aa7daa34a5b4b6124ca809c
SHA3-384 hash: 138d5def4e6ff4289355cefd8c73083f4cf7063a9c70888e08b4f7368ac409bee6d090ac1a26cbee429cd0f890f1aa25
SHA1 hash: 8dd33105e6b0cfd435bd487933a4344c38800ed4
MD5 hash: 402475fd81c0aa24baaa0d1d4847dada
humanhash: high-floor-thirteen-sixteen
File name:SCANDINAVIA V020E.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:415'095 bytes
First seen:2022-06-24 06:53:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:0EZVxsHt7HSQ9OSLMFOm84GXY+Jwr49Rh4Y:0ETxsHZR7Y1849+eYRhZ
TLSH T1389423C2F6D0A11F99C8D3E6F43836B5F65F845ACB88B890E3BB01D8655A3D2B4435E4
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:AgentTesla INVOICE zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""Angela Quek (MVR)" <aquek@motorcarparts.com>" (likely spoofed)
Received: "from motorcarparts.com (unknown [185.222.57.86]) "
Date: "24 Jun 2022 00:46:35 +0200"
Subject: "RE: INVOICE 10389-10391- OOCL SCANDINAVIA V020E CCSU6337621080"
Attachment: "SCANDINAVIA V020E.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62b55fc662d792dc57411a4e/reports/e66bba2d-3e13-4cff-b11d-ab5f5ad26fb5/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/f577ded45d4a39fbd7b63b5ebb3029ef7d3eb6af5aa7daa34a5b4b6124ca809c
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f577ded45d4a39fbd7b63b5ebb3029ef7d3eb6af5aa7daa34a5b4b6124ca809c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-06-23 16:33:33 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6v355vc5ji47xv5whnplwmbj556t5nvplkt5vi2klnfwcjgkqcoa._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer suricata trojan
Link:
https://tria.ge/reports/220624-hpr3msdda4/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
suricata: ET MALWARE AgentTesla Exfil Via SMTP
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/f577ded45d4a39fbd7b63b5ebb3029ef7d3eb6af5aa7daa34a5b4b6124ca809c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f577ded45d4a39fbd7b63b5ebb3029ef7d3eb6af5aa7daa34a5b4b6124ca809c

(this sample)

AgentTesla

Executable exe 0a42622b55ffc6c137e9648dd951518df7b489c5a945752878ca5a703b342ed5

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0a42622b55ffc6c137e9648dd951518df7b489c5a945752878ca5a703b342ed5
  
Dropping
AgentTesla

Comments