MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 390b85b8051b350bd2c14154251b6501bcce3a9a81dc4421d3fef8685cfd45f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
AgentTesla
Vendor detections: 4
| SHA256 hash: | 390b85b8051b350bd2c14154251b6501bcce3a9a81dc4421d3fef8685cfd45f4 |
|---|---|
| SHA3-384 hash: | c47ea094f055a85a28969de1d2e43e7176c6c177e021dcf898e49495c4a3ee07985d0af367937d358d387394a2bcc599 |
| SHA1 hash: | 352c2696355185bd72b9218569385acdaf647749 |
| MD5 hash: | 9115b2a4550d15c4c4c62525912e7088 |
| humanhash: | dakota-helium-vegan-pasta |
| File name: | DHL-#AWB130501923096.exe |
| Download: | download sample |
| Signature | AgentTesla |
| File size: | 458'752 bytes |
| First seen: | 2020-06-14 10:31:58 UTC |
| Last seen: | 2020-06-14 11:42:15 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger) |
| ssdeep | 12288:t2Ao4wYiCwLYojAFuvLHTyJGFm1D4cPMciE:t04PiCwLYDoOJGFmVko |
| Threatray | 29 similar samples on MalwareBazaar |
| TLSH | 21A4020C379D6B22D1BA8BFA49A2654403B496B72522F34E1EC431DD5DB3F864A42F27 |
| Reporter |  abuse_ch |
| Tags: | AgentTesla CHN DHL exe geo |
abuse_ch
Malspam distributing AgentTesla:HELO: dhl.com
Sending IP: 95.211.208.25
From: "DHL快递中国" <jenny.sio@dhl.com>
Subject: 由于发货地址错误而退回发货 - DHL-#AWB130501923096
Attachment: DHL-AWB130501923096.pdf.z (contains "DHL-#AWB130501923096.exe")
AgentTesla SMTP exfil server:
smtp.yandex.com:587
Intelligence
File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Status:
Malicious
First seen:
2020-06-14 10:33:04 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
unknown
Similar samples:
+ 19 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Score:
10/10
Tags:
family:agenttesla keylogger persistence rezer0 spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
rezer0
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.