MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 073ddb3d3a57198d73da1d1ca7605da560b36f49aba3bf82075c5f5616e5b296. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	073ddb3d3a57198d73da1d1ca7605da560b36f49aba3bf82075c5f5616e5b296
SHA3-384 hash:	7163a91e3b4498b70a4b4d349d656137f09326bfaea909de97d22b1b8f36345d40f5abd8c0ae470a66c7bb629b33d4cf
SHA1 hash:	c716d714553e56540713070551ae7f9e25995c6c
MD5 hash:	f03f8bcf82729d2bcc94accb1d2afa7d
humanhash:	charlie-nebraska-saturn-maryland
File name:	RFQ#THR009T_pdf.scr
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	708'608 bytes
First seen:	2020-07-13 11:26:51 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:27ha9h36P4InMOzBZ0JTlHC7yF1vglqcc3bsg6CoKgrFjU0xk+uJbOz:Uch3dIMOzEJBGyLYAt3b/6tO
Threatray	1'552 similar samples on MalwareBazaar
TLSH	AEE436F1EDFAD644DC4424F0EE8E9269C1E4AE28DF856C85E205B71805B26CDDDC98E3
Reporter	abuse_ch
Tags:	AgentTesla scr

abuse_ch

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin

# of uploads :

1

# of downloads :

78

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/25236/

Detection(s):

SecuriteInfo.com.Trojan.Inject3.44601.15513.29724.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file in the %AppData% directory

Creating a file in the %temp% directory

Launching a process

Creating a process with a hidden window

Deleting a recently created file

Using the Windows Management Instrumentation requests

Enabling autorun with Startup directory

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/073ddb3d3a57198d73da1d1ca7605da560b36f49aba3bf82075c5f5616e5b296/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-07-13 11:28:08 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=a465wpj2k4my2462duokoyc5uvqlg32jvor37aqhlrpvmfxfwkla._file

Verdict:

unknown

Similar samples:

029905c8789b5194e3f20a0a818bbd8922d113ce41ac880fe44f56d39b6a6356

070df000e80ccf39e53f4aa7eab00126fee74516937d795f1cef25f6321acc12

1e82507cd7b999f2ffa46f4591486b0ff45fb3fc664419279c15677f4a5a20d9

1eacb0db214edbdd7e818aad638ffd03d6db6cf709858b00bf5a99d9e5bbac6e

2c58586fa63f30484f632c92f18ee119950537c49e956f5b185bb5de21585ab6

3a3663222be5128c1e1486f94faae1e3ffa785569511e4df6346bc10b5513f1f

5ff5a39cd321aac82297c3d5f082875e7b1e5c2c9229511dbcabe9d756d1b867

8e19aa41d4d9df55db350241ee00258f455501449ad3054c09b0ee7b148da430

b341dab43275abb083b31e6852485e7f21802e6ab4310020a48dd8162c8c9c69

ff3eb81477b36ac2239b623085961439379064929b20c4a69f72cb266adece83

+ 1'542 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

spyware keylogger trojan stealer family:agenttesla

Link:

https://tria.ge/reports/200713-y6mvqsqwbe/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Reads user/profile data of local email clients

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 073ddb3d3a57198d73da1d1ca7605da560b36f49aba3bf82075c5f5616e5b296

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/25236/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample