MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2222ddfcb76c8c278bbabf1b094e47950023f1319ae484d44dc502b91700db17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2222ddfcb76c8c278bbabf1b094e47950023f1319ae484d44dc502b91700db17
SHA3-384 hash: 86188295cdc72cbabfe663caa771be983a874ac0429a75e4358ec36c4123b92cabb77d06c210f0372c1dc33f77fb9505
SHA1 hash: 9851485c278e583398b28d1d0d56aaac6a4c5594
MD5 hash: 5a5f14f3a9c00829257479be62b35766
humanhash: fruit-ack-sodium-uranus
File name:Precio de cuota_PDF__________________________________.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'779'200 bytes
First seen:2020-05-11 14:23:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:MNT/zU+E4jDrfvT89hVb3MDixBaYRG4N0fT5olsINuPFrLTaLvluG4Gt91GwiOna:MN7zUK8lb3MyP70frFlmLlTxUcS
Threatray 520 similar samples on MalwareBazaar
TLSH BE85124027AD2B71E2395BF558F46051C7B5B52730B8E3AE8D8661CB1AD2F81CE81F27
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail4.luconsult.ro
Sending IP: 195.62.95.50
From: eric <eric@orientgene.com>
Subject: SOLICITUD DE PRESUPUESTO // MV PAVINO TRADER
Attachment: Precio de cuota_PDF__________________________________.gz (contains "Precio de cuota_PDF__________________________________.exe")

AgentTesla SMTP exfil server:
smtp.dachanq.cc:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 14:36:51 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eirn37fxnsgcpc52x4nqstshsuach4jrtlsijvcnyublsfya3mlq._file
Verdict:
malicious
Similar samples:
0ffa7ac2091ab004e6755e1e66539633b6a628e90094d80357895df0e6092f9c
AgentTesla
239fca3f5df496aab1b7c7696aaa26d77174501abc9cb1c1e12a188584d745cc
AgentTesla
3ab173f1c673d450f1f9640193efc87c76e64687e4c43ea0024287c875cde792
AgentTesla
3ecc7f6abd145158004019c01e8f8f7e56c2bc3d9b4625a3fe2e1eee470a7dd8
AgentTesla
5f2f26cf27b0ffb53cf4a5ddec0d2fcd1236eaf7f4af3a7b78d9d23a23e4cb50
AgentTesla
67a5b58d36ef0884ee86d601a72ffb085c02aa9cfa40cd3a869ea6806084a011
AgentTesla
92fe26c8230e536786caaa0932023f795e94d364ef3221a728d81d7ef90afd2a
AgentTesla
a007c974d0e999a91fb8e3c81489642b608dee675c411d99baf42499c64cc1a8
AgentTesla
c324d9dd65de8e5ad44795db94a24c3b2b3db5cdd88d5c35de386e039772a364
AgentTesla
d17e7aae62fd256c264b2602f913c5b918501a1416abb5c58a4f14bcafa2b0d6
AgentTesla
+ 510 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger coreentity rezer0 spyware stealer upx
Link:
https://tria.ge/reports/201109-3p7ahplkln/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz f73831358076d17398cbedf3654da257f4ecae5288c04b318aea161974157edd

AgentTesla

Executable exe 2222ddfcb76c8c278bbabf1b094e47950023f1319ae484d44dc502b91700db17

(this sample)

  
Dropped by
MD5 4defa2864456531dbb6c2577051cd5fb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f73831358076d17398cbedf3654da257f4ecae5288c04b318aea161974157edd

Comments