MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe511d0608ee212469497b1a46574dae0e5fce5b8cb896a7e89fd75f64e30c84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe511d0608ee212469497b1a46574dae0e5fce5b8cb896a7e89fd75f64e30c84
SHA3-384 hash: a718e6bb51e63fb427838a1eb2fb55cb887d33c41d05e334d97889df1d5426dd01a88f8e8a117fa26f2a9c4f9fe73bb8
SHA1 hash: 2fd748f783cf5cd0e18116f80b06e6c443c394df
MD5 hash: 810f401773c1bcedb24283733ddaf870
humanhash: grey-princess-september-virginia
File name:RFQ_202100001009692710218871_PDF.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:948'519 bytes
First seen:2021-05-11 05:59:46 UTC
Last seen:2021-05-11 07:06:57 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:6si6h9Y5NddvwLbqxHW9q3zTbcUZkh5k0rUw3LDhh0E9CqJbIUNhyX1WMTnYIBhd:6s5K/ddoLugq3zyhZrUwZyQCqovHg4
TLSH 2D153341005C51C2C5C29A615AF3EB1BAFE610AE540C7D8D0D2D27C9DA2B3652AFEECF
Reporter cocaman
Tags:gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Purchasing Spring Marine Management SA <purchasing@springmarine.com>" (likely spoofed)
Received: "from springmarine.com (unknown [31.210.21.162]) "
Date: "11 May 2021 07:23:55 +0200"
Subject: "QUOTATION: SAM-S210118A,"
Attachment: "RFQ_202100001009692710218871_PDF.gz"

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe511d0608ee212469497b1a46574dae0e5fce5b8cb896a7e89fd75f64e30c84/
Threat name:
ByteCode-MSIL.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2021-05-11 06:00:28 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
14 of 47 (29.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7zir2bqi5yqsi2kjpmnemv2nvyhf7ts3rs4jnj7it7lv6zhdbsca._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210511-syhs4ay5vn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates physical storage devices
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fe511d0608ee212469497b1a46574dae0e5fce5b8cb896a7e89fd75f64e30c84

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz fe511d0608ee212469497b1a46574dae0e5fce5b8cb896a7e89fd75f64e30c84

(this sample)

AgentTesla

Executable exe d6adc5fd4e50b6a75c1d1e2ad96c279c2ac31472eca3c0325ae6f83852440333

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d6adc5fd4e50b6a75c1d1e2ad96c279c2ac31472eca3c0325ae6f83852440333

Comments