MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b977389b487ea178bc1ce4448a2a67c5f0a5d327a6c9500308574aa9945901df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b977389b487ea178bc1ce4448a2a67c5f0a5d327a6c9500308574aa9945901df
SHA3-384 hash: 452a412f3b86a523a9aaea97b048289b8a6fb498014dc7a6835f437069e6e509fa8c325194c3a5786942b08b3a092027
SHA1 hash: e3e70404c00beaa1185c50c49f3abf84ce9d887c
MD5 hash: a6353cb228c5035a9ef68d475da91fe7
humanhash: mango-alanine-nitrogen-pip
File name:Cables Demand.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:425'984 bytes
First seen:2020-05-24 06:57:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:LQzrue/gl1N/KPjPZ+nz8gLYBe8fCYW5bIWMhQ:LB1NKPEzmMYW50WS
Threatray 637 similar samples on MalwareBazaar
TLSH 469401656A5C877BC06D25F51052520603F68C2ABE83E790ECBEF4E687B33C84575AE3
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: yifangcable.com
Sending IP: 209.58.149.65
From: Steven <Stevene@yifangcable.com>
Subject: Cables Demand
Attachment: Cables Demand.root.pdf.rar (contains "Cables Demand.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-24 01:18:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
0fdd378395c3c909429366bdd2d59fc8d2a04e47d9954b101da81be15b583c77
AgentTesla
3146e047d6021c93280619fc4b62a7bc945d70cd21163c05fad4e0048ce5d505
AgentTesla
644a0403a3c8254a3846b8c07aa7fdeb2cfe21aa5630ca3100949869f60ae407
AgentTesla
65310d8eb88574b37c3d5715c6eee910f2549099b512deb0ba9403c290f16340
AgentTesla
a8744a3ac642e71bfd57f1476bb54d94aee2d6f80ad4b41548931685debec08e
AgentTesla
c8f6c9f25558e561f9d510ffcfe8f81a2d701afc0ed3bb3ae2bb0435feb0fc9e
AgentTesla
d1dd3eabe8a8a8c417efe6e7727712720eaf1ce68058734d1df6834cf654426f
AgentTesla
d264b0408012a14c3c10a28e37f7e1dc11ef6d0c0d801913ed03afa118533032
AgentTesla
dba18c9e1704591fe1a96b251fdeb88e3b9d73acc49b2269dbb05f1ad065fa03
AgentTesla
fc44a6e861843ed0dca54174a5257b83c1e883eeecb13bd841f779c0aede0626
AgentTesla
+ 627 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla coreentity keylogger rezer0 spyware stealer trojan
Link:
https://tria.ge/reports/201109-21787mzed2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
rezer0
AgentTesla
CoreEntity .NET Packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 1af00abb9629bb4bfd45b1f7994883add919e5d120d8844ab422e19cf3dfd770

AgentTesla

Executable exe b977389b487ea178bc1ce4448a2a67c5f0a5d327a6c9500308574aa9945901df

(this sample)

  
Dropped by
MD5 659fdfbe376f6463228d7e5913e5fef9
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1af00abb9629bb4bfd45b1f7994883add919e5d120d8844ab422e19cf3dfd770

Comments