MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96294065147a8f8c813770d37a3d5f5f0888218148979a20c658a8aabdbc5e1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	96294065147a8f8c813770d37a3d5f5f0888218148979a20c658a8aabdbc5e1a
SHA3-384 hash:	2f32f81a927904772580055c8c588c1977eb4cee37ebd732286e80bb73bec164feb19a5ec58065544bf599a4496db61a
SHA1 hash:	bcdb56341e43c03de64e836ebcbfb184f74f1d8b
MD5 hash:	e2f5f5dd90c385e6d26c69fe089a3eb7
humanhash:	winter-gee-finch-tango
File name:	Product Inquiry.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	561'152 bytes
First seen:	2020-08-17 13:56:09 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:5w4EcmZHAFaxmVmie9bngPodlv7vG736R4wFd4K+GCZGx6Q3Nbi9fugoHLE1UnZ:i4EcmZHAFaxmVmie9bngPL6Rdd4lRGxT
Threatray	108 similar samples on MalwareBazaar
TLSH	87C49C5A38D0E3DED0E64FB959149C1633FA2F5A0606A90FDC6B39D363E9BC1BD24442
Reporter	abuse_ch
Tags:	AgentTesla exe

abuse_ch

Malspam distributing unidentified malware:

HELO: clicklife.clicklifeuae.ae
Sending IP: 64.64.4.134
From: SALES MANAGER <info@cgc-kw.com>
Reply-To: SALES MANAGER <info.cgc-ks@mail.com>
Subject: Product Inquiry P/O,
Attachment: Product Inquiry.zip (contains "Product Inquiry.exe")

Intelligence

File Origin

# of uploads :

1

# of downloads :

71

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/47065/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Launching the default Windows debugger (dwwin.exe)

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/433663

Signature

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AgentTesla

Yara detected AntiVM_3

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/96294065147a8f8c813770d37a3d5f5f0888218148979a20c658a8aabdbc5e1a/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-08-17 05:57:27 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=syuuaziupkhyzajxodjxupk7l4eiqimbjclzuigglcukvpn4lyna._file

Verdict:

unknown

Similar samples:

04066d2aaa261814ebb764b76ec4977184b985cd0c56917145068aa37de50965

15f484bed822c914e22a06808ef5854dc51dde0f91972bcaed4f77e64fdcdbb6

1cbe5c93975d0709bab62983b310eae641c358bcb395aceee46aecb0652dd5ff

5322e7a27ec42624dc33ccd0674e59df692baf5cbe9d1a6e52d8ff01f9b2b3a8

691eb9a4675c76f72ca03595137e3215b3ddf27c040d7bc871301ef847b0f609

7ed7208dfa92550e6dba4b98ced2dece328e230f4e57f4981031d172cc12690c

882586662df0dc17a0bc508de04ef96a8397bf207ddc9330ed9a4e340eb0eb8b

9cee28ff70f09aa9628d5f760a033e40e320d31d3cab3d79edd0d9d86575e1e2

b044fa4d76f9c6799b1c9a15a1f70fc687a8116f7ea4ef9282e2d50a8bca4c8e

c68168c3cb938e2173e34bb5f8995e6e0f71fa47ec4a0d8f06744fbbdfd185b5

+ 98 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/200817-4x2lzjcwtj/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Program crash

Program crash

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.61

Link:

https://yomi.yoroi.company/submissions/96294065147a8f8c813770d37a3d5f5f0888218148979a20c658a8aabdbc5e1a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip d3e5d9a73d9a5b1517938b75249c4ff25792b0ea4badd1259a84af20f76bf5a1

exe 96294065147a8f8c813770d37a3d5f5f0888218148979a20c658a8aabdbc5e1a

(this sample)

Dropped by

MD5 511254c83847bf49d084503b227f36bd

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/47065/

Dropped by

SHA256 d3e5d9a73d9a5b1517938b75249c4ff25792b0ea4badd1259a84af20f76bf5a1

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample