MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0947492a00cd402a32d498a1d7f1e2d30e1a1c5d48cc65fbef5784f7593b1eee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0947492a00cd402a32d498a1d7f1e2d30e1a1c5d48cc65fbef5784f7593b1eee
SHA3-384 hash: 48a6e5ff6f7630b4045898116be11777c1ef2ea279a251fb61fd4144efe3ecc04c1f014cb136aa71087f0b0ff0f9f123
SHA1 hash: dceb0561f18341c51ee40a453c37953b89797160
MD5 hash: a7fe386df37ae66d6f28ed9b91e0278f
humanhash: mike-six-freddie-happy
File name:doc-071320201.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:334'848 bytes
First seen:2020-07-13 06:26:27 UTC
Last seen:2020-07-13 20:13:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 6144:Y3O2vV3KXbRzDr0S2SuRw+PTyMWyeGFNXuGNeWwyF3AikFar:wO2vkriSYFT7WG2EeWvANQ
Threatray 550 similar samples on MalwareBazaar
TLSH 2564234172EF8354EEFA9F7A3C204751D07D941ECA31FBDE231B362D864A76049266B1
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.bashstat.ru
Sending IP: 81.30.192.250
From: Sales <807856462g@gmail.com>
Subject: Fwd: New order
Attachment: doc-07132020.img (contains "doc-071320201.exe")

AgentTesla SMTP exfil server:
mail.napred.net:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24982/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WUO.16568.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Launching a service
Creating a file
Moving of the original file
Stealing user critical data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0947492a00cd402a32d498a1d7f1e2d30e1a1c5d48cc65fbef5784f7593b1eee/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 06:28:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bfduskqazvacumwutcq5p4pc2mhbuhc5jdggl67pk6cpowj3d3xa._file
Verdict:
malicious
Similar samples:
1520c196804649d5a465a2003046210148f70d50e926366300214cea9ef15719
AgentTesla
1b63db723d1957b88d6199fb5ea958f28de43333d2482a137c5b73b8be78a4a0
AgentTesla
1e82507cd7b999f2ffa46f4591486b0ff45fb3fc664419279c15677f4a5a20d9
AgentTesla
5056afb57576d4fc72369a0c11d434406085f7e62f773f3db7e297061cba717a
AgentTesla
75ce329091d54aa2fcf6cd6f58704493e0f4ac878279c49db239140051341931
AgentTesla
9d7e42c747de8d1f950c5fb27e4bee452d41140969f7a3af1da9e20e7fde6613
AgentTesla
a4871c9770bdd0f9454e689411f3ffb3267913568b49f6457d681470770fa92e
AgentTesla
aa5bb63c10ba7512a7f1612ca4b89768023be9fe17bcdf07665ec06640ca242d
AgentTesla
d12fda0c8cf02474c474c6cbeba40591ba336a7fdf8d3f164493e5f6200f77ca
AgentTesla
edc773741982183fbbca2bc01649bdd6904f8aac5392cec6cfcfeab881c1e727
AgentTesla
+ 540 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
spyware keylogger trojan stealer family:agenttesla
Link:
https://tria.ge/reports/200713-z1mlf3p26s/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Reads user/profile data of local email clients
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 22e062de7b85e351f4e0f7cd17af0f411b41676c761ea81581facb9532f40844

AgentTesla

Executable exe 0947492a00cd402a32d498a1d7f1e2d30e1a1c5d48cc65fbef5784f7593b1eee

(this sample)

  
Dropped by
MD5 4858f71c73515101e8100e6ad41ff56a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/24982/
  
Dropped by
SHA256 22e062de7b85e351f4e0f7cd17af0f411b41676c761ea81581facb9532f40844

Comments