MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36418297fd0a5c6118bd0838825b7d54a9e144fea29428a48eea7c4ed5cb7499. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

SHA256 hash: 36418297fd0a5c6118bd0838825b7d54a9e144fea29428a48eea7c4ed5cb7499
SHA3-384 hash: ccc1174ee64ea682589a568e103cd4c7e9e70e982e7738be0927289726da2da07e01b88332587d905f931ba83d82c36b
SHA1 hash: eb698b2a8c911122cfc4cd152fa5c079df40d36d
MD5 hash: e4b3a7f5c5173c5ca72f3a5d5bc2d4d6
humanhash: oscar-ink-fix-orange
File name: Late Review Order Project.exe
Signature: AgentTesla
File size: 912'384 bytes
First seen: 2020-07-08 08:21:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep: 24576:vTdy1e7CmzKTuqPVc+O1yNyy1CslhtWoslhtWgT:oym68clty1/htWlhtW
Threatray: 893 similar samples on MalwareBazaar
TLSH: 8015D131BBA19A01C73E4F35E96282006E76946B7E06E68F6ECC24ED4E5F7442D47B07
Reporter: abuse_ch
Tags: AgentTesla exe


abuse_ch
Malspam distributing AgentTesla:

HELO: oucomarine-group.com
Sending IP: 209.58.149.70
From: Simag C. Hessah<sales1@oucomarine-group.com>
Subject: AW:Late Review Order Project
Attachment: Late Review Order Project.310074.GIT.pdf.gz (contains "Late Review Order Project.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Launching a service
Creating a file
Stealing user critical data
Threat name: ByteCode-MSIL.Trojan.Masslogger
Status: Malicious
First seen: 2020-07-08 08:23:05 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: spyware keylogger trojan stealer family:agenttesla
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Reads user/profile data of local email clients
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 ef66cde6b62ac3498055d5644acc295b (AgentTesla)
This sample: Executable exe 36418297fd0a5c6118bd0838825b7d54a9e144fea29428a48eea7c4ed5cb7499
Delivery method: Distributed via e-mail attachment
