MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb4f4829352a36c4bcede454243235a1bc966fbbe14ad81dec1b02a1bd8cfa81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb4f4829352a36c4bcede454243235a1bc966fbbe14ad81dec1b02a1bd8cfa81
SHA3-384 hash: fd6116d1134942252389b783fab91ff0de21bc678654f5cfc7a910f3e2f747d09022f3cae25a7977ccab401280260b4a
SHA1 hash: 0167310cde3294d58d706e2a172c6167a2a70055
MD5 hash: 0212d0173d138c58e68235c61c387809
humanhash: east-india-mockingbird-california
File name:product list.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:411'736 bytes
First seen:2022-01-24 06:32:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:54RM6aqMGJ1OnZ9pqm/9+Qs0tv+rbs2Kcc:gAa1OnZTqm/9JsPM8c
TLSH T1F394230E37220BB84A8389777B464FCE497473669BE5579E06B99DE3B02470E2C1F742
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "jsai international <jsaiinternational009@gmail.com>" (likely spoofed)
Received: "from gmail.com (unknown [66.154.111.196]) "
Date: "24 Jan 2022 05:15:22 +0100"
Subject: "RE: New Product Inquiry"
Attachment: "product list.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_us63.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware keylogger obfuscated packed
Link:
https://www.filescan.io/uploads/61ee48210f8c757253e0da5d/reports/ee28cfb0-591e-4dba-a3b8-f58d04273b33/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/fb4f4829352a36c4bcede454243235a1bc966fbbe14ad81dec1b02a1bd8cfa81
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb4f4829352a36c4bcede454243235a1bc966fbbe14ad81dec1b02a1bd8cfa81/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-01-24 06:33:11 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7nhuqkjvfi3mjphn4rkcimrvug6jm3534ffnqhpmdmbkdpmm7kaq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220124-ha8f3sdehm/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Malware Config
C2 Extraction:
https://api.telegram.org/bot2043981125:AAGaa5K6uc5rV5LARENbXhpoD0InPrKgKJI/sendDocument
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fb4f4829352a36c4bcede454243235a1bc966fbbe14ad81dec1b02a1bd8cfa81

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fb4f4829352a36c4bcede454243235a1bc966fbbe14ad81dec1b02a1bd8cfa81

(this sample)

AgentTesla

Executable exe 97633db1552b4791c99177e854d262a0d1021d44ee8717dc13bac90d6f55ae01

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 97633db1552b4791c99177e854d262a0d1021d44ee8717dc13bac90d6f55ae01

Comments