MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5cc2da9649ceac73f18ef6fe03add950641f8ccf871d325144628595f83f4da1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 5



SHA256 hash: 5cc2da9649ceac73f18ef6fe03add950641f8ccf871d325144628595f83f4da1
SHA3-384 hash: 8641685371ddabc678a2c3473c566115f17416c34c26db2e41afe53eee1e9eb2c159539cc960900e70e07713c7acfcdd
SHA1 hash: 2faf6d1a9d7ce62e81c42380f7d67aec71afea98
MD5 hash: 82750a51696e3e2a222a5d6c2233de98
humanhash: mike-friend-september-butter
File name: Delivery and parking list.exe
Signature: AgentTesla
File size: 1'369'088 bytes
First seen: 2020-05-13 06:16:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f63caebe1e46d29542ea606034a7da47 (7 x AgentTesla, 4 x Loki, 3 x HawkEye)
ssdeep: 24576:lzfHZjEuYv0l1zrSQ4oRqVc0wRdZtUV3q3CdqcyedO/:lztlR/GVc0wRtUV6Sdqc7dO/
Threatray: 2'245 similar samples on MalwareBazaar
TLSH: 9E55D022F2E04F37C1B31A389D1B5664993ABE103B3C6A476BE91C4C5E3B7523935297
Reporter: abuse_ch
Tags: AgentTesla exe


abuse_ch
Malspam distributing AgentTesla:

HELO: hosting12.ji-net.com
Sending IP: 203.130.149.250
From: pampa <rosaroca70@gmail.com>
Subject: Delivery note/ Parking list March 2020
Attachment: Delivery and parking list.rar (contains "Delivery and parking list.exe")

AgentTesla FTP exfil server:
desguacespalomino.com:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-13 03:05:16 UTC
File Type: PE (Exe)
Extracted files: 293
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Result
Malware family: masslogger
Score: 10/10
Tags: family:masslogger spyware stealer upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
MassLogger
MassLogger log file

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
Executable exe 5cc2da9649ceac73f18ef6fe03add950641f8ccf871d325144628595f83f4da1 (this sample)
Delivery method: Distributed via e-mail attachment

Comments