MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8044dc7f383547fb4d9acfc1bfd1adfe3e6def133317a506b991e5b62a29bc63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8044dc7f383547fb4d9acfc1bfd1adfe3e6def133317a506b991e5b62a29bc63
SHA3-384 hash: 112e34c6a3cf79bc020bf3c6d7accff5ca2b5f374185310b30d8a4a5db62d7ec3ecdec174bfcf0b3404f82bae343c726
SHA1 hash: 2bec49a8e8f3bf8fd6d64d296c223e35a16cc8d5
MD5 hash: 613b84634e28713c96db76d7ffe339aa
humanhash: summer-two-cola-oregon
File name:GERMAN PO 1181- NEW 50MT INQUIRY.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'809'408 bytes
First seen:2020-05-02 13:34:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3d95adbf13bbe79dc24dccb401c12091 (881 x AgentTesla, 737 x FormBook, 236 x SnakeKeylogger)
ssdeep 24576:otb20pkaCqT5TBWgNQ7aNA8FaVtoYnMPkfJmnVjTrXqmNE86aLdb6A:xVg5tQ7aNA86nMPyJyBXN6aN5
Threatray 10'889 similar samples on MalwareBazaar
TLSH 2D85D0A2639DC264C6B35173B936B7536D7B781D4DA4B41F2FD46E2EBC20312011BAA3
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: box.zohofoodtrading.xyz
Sending IP: 138.68.13.151
From: salesdept@zohofoodtrading.xyz
Subject: NEW GERMAN ORDER- 50MT 5LOTS
Attachment: NEW GERMAN ORSER- 50MT PO 1181 - 1192.IMG (contains "GERMAN PO 1181- NEW 50MT INQUIRY.exe")

AgentTelsa C2:
https://bikewebradio.com.br/

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-02 13:35:27 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qbcny7zygvd7wtm2z7a37unn7y7g33ytgml2kbvzshs3mkrjxrrq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0eb12d3962140a829e5447544771641c92bdfaa6a545af9d701b69f5a882fd14
AgentTesla
33f3c581f4bc6cb4c7e6b63a6857220ab404020f188650f11bf0ec55e96877a4
AgentTesla
373bbf9fe0aa747106f165d07c474e8e73c891e0150c87c90d8f389a3621c044
AgentTesla
4917103eef77ce8fd5beb88efd446180445e0ee6ac933f5e42443d3673d62bc8
AgentTesla
6c5cb355e6355dc5e245b7dbce846486af6995f8b4c155f2244420f8a21c7987
AgentTesla
6dc407eb41b8a813558364ae42dcdcce2019209615cc73141b9b6b91de15fd29
AgentTesla
8ad69f7487e5a7b06d3c9b12d4fdbf6604462f90ddc2e1986dd61eaf8427e724
AgentTesla
9abbf24b322068da5ac2e1581827d788d787eb8b31685863b1aa048f01ca5190
AgentTesla
9adde697bc903a7d76a736935a851f916bb6ef5d1e4e6d89dc023c1f21d43791
AgentTesla
ddd78da962ab1cd6366af9c647daaa7f234e8125c62b10cab1eeb715f4c0e514
AgentTesla
+ 10'879 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 46aea26e8f56dc23f73abcad5be9e8643692ebdeb90b845bcb80c9782067110b

AgentTesla

Executable exe 8044dc7f383547fb4d9acfc1bfd1adfe3e6def133317a506b991e5b62a29bc63

(this sample)

  
Dropped by
MD5 d2a584f51d890305a78fadaa2b34ef55
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 46aea26e8f56dc23f73abcad5be9e8643692ebdeb90b845bcb80c9782067110b

Comments