MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09c0031937ab9af70334c73ad3ebf3bd19668f522e36420047c42badf11a8887. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 09c0031937ab9af70334c73ad3ebf3bd19668f522e36420047c42badf11a8887
SHA3-384 hash: 4cf5e456884e8fced9457807a0f6bb616429db544577fa0626fb963de9d99b2209bbc00fedd97a37645dba8c97561e33
SHA1 hash: f73aa911d5d9f6a614db40896c5afad8f616c485
MD5 hash: 5752db4edeef25666464bd3dbee4f9b6
humanhash: carpet-romeo-wisconsin-triple
File name:Scan Copy.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:405'504 bytes
First seen:2020-05-19 06:26:59 UTC
Last seen:2020-05-19 08:05:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:9R/sdgOWyn4Pl36Td9RoS2LoPO3beMhvi/lSoUXDU7aUOf3qh24m/qpVWu9+1V:f/ZynolqbR/VOfvEHUwlOfah2d4t9wV
Threatray 115 similar samples on MalwareBazaar
TLSH 1F84128027BE1BA1D57EC7F43221201247F575ABB322EB6C4DC1A1FB12A6F905E51E93
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: [5.79.121.159]
Sending IP: 5.79.121.159
From: SON LEE <omar.ali@ahsaniamission.org.bd >
Subject: PAYMENT TRANFER
Attachment: Scan Copy.zip (contains "Scan Copy.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.fc.17585.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 06:36:39 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bhaaggjxvonpoazuy45nh27txumwnd2sfy3eeachyqv234i2rcdq._file
Verdict:
unknown
Similar samples:
01c25d1e551f6c54f1c49d04fa445bf4290dafcc23f67bfac14e4f80f2662441
AgentTesla
1890ab9f7e4107096420bd8f0f5d7ff1a84d7b02c691675b70cf3382fda0a81a
AgentTesla
2364247c3aeffef1ab3a097e386e61917c7083f53e016888d5c450e9f1c656ac
AgentTesla
6b4c217c0bdb4660db2d83a8deb9e538e801e8c275e5e1fe955497970daf24c0
AgentTesla
73c5071a6dc5f6d66b800d56b97e6f451d2738aebb2efcacaaab86319392dddb
AgentTesla
78f4940fa048d4ac80b908f84bd22916139e220f2695c2be7efac13e39df0204
AgentTesla
96b4c0eb2ed053c03c8f12c8a46c218490a064ff43b4b29eb6883e758d13f624
AgentTesla
976174c0ffcfd0cdeea0a9dd962b995142d15a1cc831a42c68e7b3f928bd7c3a
AgentTesla
978d51366e13c76915194bf67170b7431115e1962eddee9debeb3f8c89d77a88
AgentTesla
adf1ab026877202ab0e3ef9af0576336f151c36b8980b5456b4b2c3c0e592f7d
AgentTesla
+ 105 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201109-rl51b6ktgj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

39c9928e687b9c2be351605cabc7b4e1

AgentTesla

Executable exe 09c0031937ab9af70334c73ad3ebf3bd19668f522e36420047c42badf11a8887

(this sample)

  
Dropped by
MD5 39c9928e687b9c2be351605cabc7b4e1
  
Delivery method
Distributed via e-mail attachment

Comments