MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b274e5bdb1d3f6b09fc4b493ad952f19842c251fe6d6a145df1b722ec1a3be7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b274e5bdb1d3f6b09fc4b493ad952f19842c251fe6d6a145df1b722ec1a3be7f
SHA3-384 hash: 4d1ceb2f6b3df1d763b1e26d4f0353eb71ea3b15fdf04d2dd4fe4cb6e881dd8670c90daf3deb633bfc431143d750e15a
SHA1 hash: bc22c817eddc7f3af9f1165f7e39c41fe1ce1b81
MD5 hash: 0fec2cd1a8286b98d2f134d786123584
humanhash: robert-king-fish-eight
File name:Product Specification And RFQ#78900YG07_pdf.scr
Download: download sample
Signature AgentTesla
Create hunting rule
File size:525'824 bytes
First seen:2020-07-10 07:09:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 12288:ILp6Q3pamR+PKqOvqfV1J43SSTXLn4M1Vl8iiJ3iX:DmoHOy9s3SWLPl81J3iX
Threatray 99 similar samples on MalwareBazaar
TLSH 3CB4E194B56063DDC87BC7B5A8391C519B713C6BC23EC20A2C8336DE177AB929623D53
Reporter abuse_ch
Tags:AgentTesla scr


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: outbound.msecuredatalabs.com
Sending IP: 216.55.99.205
From: Account Department <cs@surana.com>
Subject: Request For Urgent Quotation.
Attachment: Product Specification And RFQ78900YG07_pdf.img (contains "Product Specification And RFQ#78900YG07_pdf.scr")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24250/
Detection(s):
SecuriteInfo.com.Generic.mg.0fec2cd1a8286b98.3684.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% directory
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Using the Windows Management Instrumentation requests
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b274e5bdb1d3f6b09fc4b493ad952f19842c251fe6d6a145df1b722ec1a3be7f/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 07:11:05 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wj2olpnr2p3lbh6ewsj23fjpdgccyji743lkcro7dnzc5qndxz7q._file
Verdict:
suspicious
Similar samples:
046fcefda9ada308cb42a92f7f3237de20c0efc259c1b7ef649d528577dfe2cf
AgentTesla
130a1070851bfc4e41ace49185b630338cd5c108a53e0d46d09a0abb258ece6f
AgentTesla
448b0a449c23cf6b69459242a709785a3fa1c3cae3d4399673f2e20d0eec6be0
AgentTesla
9742adf8c511be66c57c236b2849338090c3b7cc0f7ac13f5ff14cdcbfe19912
AgentTesla
bfbb3994c6e4d6ae2d30921757d039e004d1f5274c314765e641bf111bc0dec7
AgentTesla
cbbdd903cc05a12c3fd5bcf2ab1a651800245e7003fcf6df5a1a7b1c362cf96c
AgentTesla
cd9532fea4c331fed21dd929be9a963c50662e545e38a63fcae56cf13199fead
AgentTesla
d6fb73252e37f4b2e507e97ddd633c789f7f947ee48b1e564330f4c1529eefb5
AgentTesla
f81ffe76cfa1447a52ab6613c83933a5040b49221bb16c5a86ba416b3026240b
AgentTesla
f892f7e0b4bcfd9084ac791d72a87a95a16ca175a154faf0a2e24da5dd205bce
AgentTesla
+ 89 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
spyware keylogger trojan stealer family:agenttesla
Link:
https://tria.ge/reports/200710-274sttaa56/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Reads user/profile data of local email clients
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img e895c42f1546af9b06b9e98c45b3e8db76804b2e7f3e1ac26f75342d17512ffa

AgentTesla

Executable exe b274e5bdb1d3f6b09fc4b493ad952f19842c251fe6d6a145df1b722ec1a3be7f

(this sample)

  
Dropped by
MD5 67b94fe659f2d3bd36d6f6bb89d18e25
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e895c42f1546af9b06b9e98c45b3e8db76804b2e7f3e1ac26f75342d17512ffa
Cape
Cape
https://www.capesandbox.com/analysis/24250/

Comments