MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 002aef8a86bf6b84b51b2397f5fde91fa679e53e74d04165d1476f81d9c3fb40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 002aef8a86bf6b84b51b2397f5fde91fa679e53e74d04165d1476f81d9c3fb40
SHA3-384 hash: fd78dc7a8d2d29692755aa855785595dd8c89be97772e6835fea53f591df874ad3832ea886d8691551c30f6ec20c4e4f
SHA1 hash: fa9e44400ab7c8bca71f3edfc6dbed9ec1492a50
MD5 hash: 459cd07c866c1dea403093310288c6d7
humanhash: network-two-mars-tango
File name:SZ062117A.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:896'512 bytes
First seen:2020-05-11 08:08:17 UTC
Last seen:2020-05-11 08:58:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:mqfCCk3cwaX0ilpCMaZZYzmyifVVsocaDyAwIFBfrXFGurtNZ:LBCYDuVc7IFBptH
Threatray 521 similar samples on MalwareBazaar
TLSH E515F10026AD5769E8FA8BF52E6C9051D3F5799B7858FB9D5CD264CB02E4F00CC60E2B
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: box.javedgroup.xyz
Sending IP: 138.68.249.252
From: Sales Personnel Elizabeth Stratiotis <euoverseas@autoflex.hu>
Reply-To: rakib@marzukf-bd.com
Subject: REQUEST FOR QUOTE: SZ062117A
Attachment: SZ062117A.rar (contains "SZ062117A.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.10384.10820.26055.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 04:44:26 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=aavo7cugx5vyjni3eol7l7pjd6thtzj6otieczori5xydwod7naa._file
Verdict:
malicious
Similar samples:
40eac0b9c7fb03c9f4a54a82b47534babfdcc931b5d83832f1ae2facd9fe0cc3
AgentTesla
7e26ace88d11ff4270b4dfcd7329e5ebd1000acbe4de1a5de1ae4c023de66c90
AgentTesla
8a3dd3eb355760a77c7bd89e2316c7741e37f9b20435a23d144e58ba856bd7c7
AgentTesla
a412b9a89e53822798a37e00efb760bf4556140d0c1088b440aaa57f10869603
AgentTesla
a97835df055504850909bdb785d2bd535cc22702f418147cc3af6d4add370a59
AgentTesla
ca946b7be994d2636254cb8b8cf44f5b7aa57fd705c6e07119aa4e68092daa01
AgentTesla
cb8c9572b8c0299b05a17084ae5dd93d0aea243138bfd03eaafaee950390724d
AgentTesla
d2aba15a355f2587296a0d3de5416fe3ad7a644aaf39e9b8c5be0125a346abc6
AgentTesla
f058f245d06f4d059132d2b9e90f84a332d0471ff0c421d49ca828d76874b8f3
AgentTesla
fe3dcdbbb57d61e04df490402d1e477ec1a804add945a2287c697b18a2234227
AgentTesla
+ 511 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger coreentity rezer0 spyware stealer
Link:
https://tria.ge/reports/201109-jzfpxncfsa/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger Main Payload
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar da8579c0125fa2dc2b76191955a4e75108eaf35c94b9ab6b5edd112818539fea

AgentTesla

Executable exe 002aef8a86bf6b84b51b2397f5fde91fa679e53e74d04165d1476f81d9c3fb40

(this sample)

  
Dropped by
MD5 6d14700e32f00fd0f4d082bd9f938330
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 da8579c0125fa2dc2b76191955a4e75108eaf35c94b9ab6b5edd112818539fea

Comments