MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f705b9468d2192f10630021c113475d1026a86abda88ee053bcf21eb885f5a24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA 2 File information Comments

SHA256 hash:	f705b9468d2192f10630021c113475d1026a86abda88ee053bcf21eb885f5a24
SHA3-384 hash:	548e12f61028dc2ecb39d0d95fbdd569838a020ba822de5e45e804b6aa29db050d3dd1462c1ec5e058c60a922b768ee2
SHA1 hash:	d1c94a835d9b1b8462fb1eb678a3f820111a179b
MD5 hash:	82e3564f02bcbb5616fe347abfc19c7a
humanhash:	seven-oven-yankee-nebraska
File name:	AWB NO.3522849002.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'047'056 bytes
First seen:	2023-02-24 16:09:48 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:tSHAA5YGCwZzCtxcaOUJ0bM0bDzFg29axYcFhlt+J8V8ys:oHAMZ1mPOW+bDq2cxYQhlta68B
TLSH	T15825332A717A0531B14315BD2EE85FDE4E372486C2F201A61B3296526B750E39CE72FE
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	cocaman
Tags:	AgentTesla DHL zip

cocaman

Malicious email (T1566.001)
From: "DHL Express <support@dhl.com>" (likely spoofed)
Received: "from ns-1052.awsdns-03.org (unknown [65.60.40.103]) "
Date: "22 Feb 2023 10:19:29 -0800"
Subject: "=?UTF-8?B?Tm90aWZpY2FjaW9uIGRlIGVudsOtbyBkZSBESEw6IDgxNDg1NTcxNDE=?="
Attachment: "AWB NO.3522849002.zip"

Intelligence

File Origin

# of uploads :

# of downloads :

100

Origin country :

n/a

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	AWB NO.3522849002.exe
File size:	1'217'536 bytes
SHA256 hash:	fdb812e191cd59e17d6144dd1092217fd9b7d9e8abc6ffc30b298c2c789babdd
MD5 hash:	207b9c29ea92bc236afa2b24ecc4b9df
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Zip_fs3284.UNOFFICIAL

Sanesecurity.Malware.28872.BadIN4.UNOFFICIAL

Result

Verdict:

Unknown

File Type:

PE File

Link:

https://app.docguard.net/f705b9468d2192f10630021c113475d1026a86abda88ee053bcf21eb885f5a24/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/63f8e15d589e1e4c5bd8bc89/reports/e6dfd363-aff0-4f9f-b8a2-f22d98303430/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/f705b9468d2192f10630021c113475d1026a86abda88ee053bcf21eb885f5a24

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/f705b9468d2192f10630021c113475d1026a86abda88ee053bcf21eb885f5a24

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f705b9468d2192f10630021c113475d1026a86abda88ee053bcf21eb885f5a24/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2023-02-22 14:40:48 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

22 of 39 (56.41%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=64c3srunegjpcbrqaiobcndv2ebgvbvl3keo4bj3z4q6xcc7lisa._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.61

Link:

https://yomi.yoroi.company/submissions/f705b9468d2192f10630021c113475d1026a86abda88ee053bcf21eb885f5a24

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.