MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39526c337781027d89c2b2bab838ffcf78648792c4547d83b4dba7c6a26c0885. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	39526c337781027d89c2b2bab838ffcf78648792c4547d83b4dba7c6a26c0885
SHA3-384 hash:	97799a9336ec05738180f8a1606a5534db597f135a95dec55817f8485ccf0129fa6df549ded56e95924fcead37a72762
SHA1 hash:	2d89d84725cd3a68a181f1d60e9efc0ae562ae50
MD5 hash:	649de7ed6b7ccf4141cce7d50b7b944d
humanhash:	rugby-whiskey-island-fourteen
File name:	08-14235 COTIZACION.pdf.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	600'576 bytes
First seen:	2020-08-06 04:41:57 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep	12288:mQznUf28FnxpcBA6s59gpumu/XP4NB/Rb6KSQf7s3H:VznUf2mnYuMuvPQbNfCH
Threatray	23 similar samples on MalwareBazaar
TLSH	D5D4D17122886FB5F47EA7BD9411260073F2E657C321FA8E7DE940CA49E7F814B62913
Reporter	abuse_ch
Tags:	AgentTesla exe

abuse_ch

Malspam distributing unidentified malware:

HELO: gasteev.com
Sending IP: 37.49.224.121
From: info@gasteev.com
Subject: SOLICITUD DE QR
Attachment: 08-14235 COTIZACION.pdf.gz (contains "08-14235 COTIZACION.pdf.exe")

Intelligence

File Origin

# of uploads :

1

# of downloads :

69

Origin country :

n/a

Vendor Threat Intelligence

Detection:

AgentTeslaV2

Link:

https://www.capesandbox.com/analysis/39982/

Detection(s):

SecuriteInfo.com.Generic.mg.649de7ed6b7ccf41.323.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/412017

Signature

Initial sample is a PE file and has a suspicious name

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses an obfuscated file name to hide its real file extension (double extension)

Yara detected AgentTesla

Yara detected AntiVM_3

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/39526c337781027d89c2b2bab838ffcf78648792c4547d83b4dba7c6a26c0885/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-08-06 04:43:05 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hfjgym3xqebh3cocwk5lqoh7z54gjb4syrkh3a5u3ot4nitmbccq._file

Verdict:

unknown

Similar samples:

169ffbdfdecd290276b788ad335072af8b734d6181a7814481e2c4d4670ae093

2a19861b5542b7a76129c027376c7c3902e38ab5d9914722af6b13eff1a28973

3ae1d5294542b34ed3a65d9b467d07a50146e561193e5923dd37dc3abcf81a57

57e06d364efb34c1e83e57e1bebf4bfe796bfdebfede5d8ad6c9235b99954043

74a4f01410127eb8a0cbfaaf9f8c60eb31bf8aad55599ba514d6ef02c9f660ff

75660f3d7f461c0559cabf3c76e0b44fad9ecb7fa85eb41a59b9c4192ef7f079

82e78f0c4c0c6064ba96cb12c0a4a9094b57a49540a053fe27f290f12e3afca1

99018a172fc8ca8a7cb4435e90e2f162064516d1d1c09f9545ae11741cbc7804

a10ce1d521b78847258cb7f037351b7af8c78391907bbfd78b513ea5345e37a5

a85526e4a0f78afd83f57f2d084c0bd4b82846a06a0aef80c473905561dcfb60

+ 13 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200806-7prq6twww2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.45

Link:

https://yomi.yoroi.company/submissions/39526c337781027d89c2b2bab838ffcf78648792c4547d83b4dba7c6a26c0885

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 2b795afc6697d5b3098bd55dea689e5e6ec8956ae81157c8c19f633742ee0241

exe 39526c337781027d89c2b2bab838ffcf78648792c4547d83b4dba7c6a26c0885

(this sample)

Dropped by

MD5 051ab535c50a9bc7ffe8300f8e01adab

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/39982/

Dropped by

SHA256 2b795afc6697d5b3098bd55dea689e5e6ec8956ae81157c8c19f633742ee0241

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample