MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acd3a83423dcabf68bbb38ebc886f923fd1c5ba2fbf13f68e377f8895a1c5073. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: acd3a83423dcabf68bbb38ebc886f923fd1c5ba2fbf13f68e377f8895a1c5073
SHA3-384 hash: 4e67685121198dd51fc90413a8d85ad0bb6f877510d6e8e1ec260595070bf6adc4aad5ed7555600ccd57f1d5160a78e4
SHA1 hash: f3fc14a10da394220ae3ff9226f4f5285a1eb4d3
MD5 hash: 7cf3f6bad69e193a003c042916e2f528
humanhash: failed-lemon-finch-magnesium
File name:RFQ-OGH733_pdf.scr
Download: download sample
Signature AgentTesla
Create hunting rule
File size:934'400 bytes
First seen:2020-05-01 13:14:32 UTC
Last seen:2020-05-01 13:50:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:6Bt420HvsCQFhTNBlb2L/xLP+9j8lkxRXpek9:UJWvYHNb2L/9uj9RXpeO
Threatray 75 similar samples on MalwareBazaar
TLSH D5158CE0DE8AD50ED6AE05F4C45DD14AC6B8EF4A6382FF585940F3A818B220DCCD95F6
Reporter abuse_ch
Tags:AgentTesla scr


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.en-plasnic.com
Sending IP: 89.32.41.129
From: Ms Diana Ali <xtrader@en-plasnic.com>
Subject: RFQ-OGH733
Attachment: RFQ-OGH733_pdf.img (contains "RFQ-OGH733_pdf.scr")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.43686.8431.11169.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 07:32:09 UTC
File Type:
PE (.Net Exe)
Extracted files:
18
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vtj2qnbd3sv7nc53hdv4rbxzep6ryw5c7pyt62hdo74iswq4kbzq._file
Verdict:
suspicious
Similar samples:
0f3796394a5e425855d842187813997be61e79058cfc546da575b27cf8c09ffb
AgentTesla
2bb06f09556b4531015208c97a20dd3b56d6b82b2d3f49a353dc65be55da4623
AgentTesla
63ffc920c99c00673877a870e745cd73a11892a464bb04f484d6b166db7fd1d4
AgentTesla
6426bb813f2c02db79c20887cdbb42bbb8a3c0f12b34369fe24150408eaf8f8b
AgentTesla
6952537ae0d4b3408a2e50d0f4466c2b023f82f4aebcb8fb8205525f3b232ff3
AgentTesla
72ec03ca08ff77ca14f3a6391fed5e716df65cbca4329a372876dbb451cbc448
AgentTesla
906f3fbf6a6face0d18f8e7d6b4f670df91f558cb9f4719fea860748f3964891
AgentTesla
92bee9898c4a67a5fe3a209982221c240bc96627ee3fac96369eafa443bde986
AgentTesla
96382f5a4c395562a3d763a7f61e09486af57987d43e5cd231063993bb6952ac
AgentTesla
c639174f0dd193464782b116b0924d7b46c0390fa023093269fb304178c4b403
AgentTesla
+ 65 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 7cf6de390083baa2eef3966765be1939f85f55a2e69f1c447341c88cc39d5b11

AgentTesla

Executable exe acd3a83423dcabf68bbb38ebc886f923fd1c5ba2fbf13f68e377f8895a1c5073

(this sample)

  
Dropped by
MD5 5bf3f6490a0cc35c063639cfa40b9f3b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 7cf6de390083baa2eef3966765be1939f85f55a2e69f1c447341c88cc39d5b11

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments