MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a007c974d0e999a91fb8e3c81489642b608dee675c411d99baf42499c64cc1a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a007c974d0e999a91fb8e3c81489642b608dee675c411d99baf42499c64cc1a8
SHA3-384 hash: 89bb29ac04081e4aaff61e1aa49f13f247fbec7ecd5f22c784222d7e8d59880fb2179d3a05f73c1aa1253a2cd4966ad3
SHA1 hash: b3a652c2d3e87481c828dd32013fa0387dbea493
MD5 hash: a526291ca95df6367cdb50d1adfd7a2c
humanhash: beer-hot-yellow-bacon
File name:[C38226] #TD JMMasuda_Mfg.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'780'736 bytes
First seen:2020-05-11 15:19:37 UTC
Last seen:2020-05-11 16:11:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 49152:ipgdXGQJmsfObsXAdednmkRlW+Pf1Dow9UXqH7fawgqJY:PJjmbsXFdnmkDW+P9Dj9hbDHS
Threatray 552 similar samples on MalwareBazaar
TLSH F285124426BD5731F07A8BF408B0A115C7F9B95A75B8E35E8DC221CA1AE6F80CD81F67
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: outgoing28.jnb.host-h.net
Sending IP: 129.232.250.44
From: "Patryk Mazur" <Patryk.Mazur@tkship.com>
Subject: RFQ Our Ref: C38226
Attachment: C38226 TD JMMasuda_Mfg.r01 (contains "[C38226] #TD JMMasuda_Mfg.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.48635.1659.30497.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 15:37:16 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uad4s5gq5gm2sh5y4pebjclefnqi33thlrar3gn26qsjtrsmygua._file
Verdict:
malicious
Similar samples:
2acce03be9204acbcc6fc59fa5bebc3720d91a9d7daa122c0ea086c4727fafce
AgentTesla
58933d7bb0147da562d240bc3c9974ecaa552f35495a773345e1e7d158f39588
AgentTesla
58fa191f38b25cab67921a0f3c0aba75e5254ca139733df9dca6eec26fae1377
AgentTesla
7a55018c2903edf26bdfbbd5df47c352197170b75a04af058a35d2332d9e6b50
AgentTesla
9fed5314906b5873cd970313215aeb2714819bb965dc4bb7648154f1dddb6680
AgentTesla
b020ed473e1a965d4de31c00fed475e683f808d9665b207bb41cfdb77f53bcfe
AgentTesla
b9f1a9cdb6f068f9222b8cd906ed162d74be5662bb9dbad5540d8cc51d1a4e6a
AgentTesla
bbb3afd846cc51e61380effeaceabc21e15c8b4ccdab6d821697191605a00c60
AgentTesla
db54bb9d7b9d9bba3cf4945c6eb5f637f4726f5009d26e14857ff303abd16e7a
AgentTesla
f7216d025821af6be807018f12db7c5a5bd3cd21ef0176b02c6cbe0f05ac4cf7
AgentTesla
+ 542 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger coreentity rezer0 spyware stealer upx
Link:
https://tria.ge/reports/201109-c8x3pdfhfa/
Behaviour
Creates scheduled task(s)
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r01 ed7cf9ac32d232ae495682610b66e694b76a526e0b3b2b56aab3e19f146d4ea2

AgentTesla

Executable exe a007c974d0e999a91fb8e3c81489642b608dee675c411d99baf42499c64cc1a8

(this sample)

  
Dropped by
MD5 3706a2824369e363f10184958880a693
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ed7cf9ac32d232ae495682610b66e694b76a526e0b3b2b56aab3e19f146d4ea2

Comments