MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31a83eeaed551ab0fd49211ea01163c1284fcf575391329f290f1e2c2e5c8ed4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 31a83eeaed551ab0fd49211ea01163c1284fcf575391329f290f1e2c2e5c8ed4
SHA3-384 hash: bd2aad0252fc5b5ef1e32f7b53136b63faf40e178270e874e62d8451a48f687bb3a83fdb84f19d5212e6a369284c012a
SHA1 hash: e388d3b462bb06cc3d3d47004e2b00f02ac14957
MD5 hash: 0d34c29f6a94c659e0053af550012509
humanhash: hotel-neptune-mockingbird-eighteen
File name:Requested SOA.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:685'568 bytes
First seen:2020-06-16 10:46:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:jb6Tk4IoBjge6POqPxg/xR3Vl4mBKvAQSj2qa1VAvGXkJXvbPIK4O7Zvww9XW7F:jb6TkRcgmqPxgpR3VZwhSj2VAvAkJfpi
Threatray 202 similar samples on MalwareBazaar
TLSH C6E4221AA39C8736DF2E45B889F20C0243F4B0262A03D75B6E4275BF5EA77DD090B957
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: uzlinshpl01.uzcloud.uz
Sending IP: 185.74.4.8
From: Project manager <alejandra.seguracruz@grupogarel.com>
Reply-To: oliviamiller878@gmail.com
Subject: Statement of Account/Ledger
Attachment: Requested SOA.rar (contains "Requested SOA.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10894/
Detection(s):
SecuriteInfo.com.Generic.mg.4a806c6ffed2bc93.30002.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 10:48:07 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ggud52xnkunlb7kjeepkaeldyeue7t2xkoitfhzjb4pcyls4r3ka._file
Verdict:
malicious
Similar samples:
61cf6689824cb7f1df98bc2b7d459a40b1646ea6336478d1361f95fa4ed9ff4f
AgentTesla
69edeb3d6fd141dcd84b1ccf4d26eaf1633bae81803b078a7b24e4f0058828f3
AgentTesla
6a44019b2f0063b7da511aa7c58bf26f949d1b2bf646223ccebee144e406b6ce
AgentTesla
6d76813892ecbe0c33c14f21e5518a45d4518fc47e3577d94cb1786a09a46947
AgentTesla
7038be512775198abba2218e0999002c5c9e871bbd14557c7c4fb7fcfca21dc7
AgentTesla
74bf8e342f337414e7a110c10939c0f870860c473d0fae0c570cf16aec1e3f1b
AgentTesla
8ebcd9cd55a878167c2f34b57536310c4db6b09708cfa6a44238799a9711421d
AgentTesla
a6931da45204551140d8deebbd1cba3a8be3acdbd50668112dcc3ff6705dd25b
AgentTesla
ba4c72b934177106117b877643418c2346bfc68aaf8eee80301cd2620fb48c4a
AgentTesla
eddc32d3ccc7ea1c26262d6e9d11510a37f6150ca947c0a8145b2901b16003de
AgentTesla
+ 192 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
spyware persistence keylogger trojan stealer family:agenttesla
Link:
https://tria.ge/reports/200624-1jmtr3bqax/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Modifies service
Reads user/profile data of local email clients
Reads data files stored by FTP clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 14ae71cd57a8759b83ba7909b21cbf2ed542edd3635f24fe52182412bb7fa08d

AgentTesla

Executable exe 31a83eeaed551ab0fd49211ea01163c1284fcf575391329f290f1e2c2e5c8ed4

(this sample)

  
Dropped by
MD5 ae5cdc9488df2c44d34231de48416896
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 14ae71cd57a8759b83ba7909b21cbf2ed542edd3635f24fe52182412bb7fa08d
Cape
Cape
https://www.capesandbox.com/analysis/10894/

Comments