MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3d8a2df50dffafea2a385695cb95e534bbb16c3ccb22675d8f1cc40dd4b4bba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	c3d8a2df50dffafea2a385695cb95e534bbb16c3ccb22675d8f1cc40dd4b4bba
SHA3-384 hash:	6ff9b2971bc086e027a16251e0891d6adf3f8a1e92a3fc518b4b8b77ffa7ef616641369fe17d67613ddecb7c718b4a75
SHA1 hash:	f6035d55e27b07dc7f01a74552b7a1f03e1b9fab
MD5 hash:	7d6a5f6df352a802ff0a268d00457f8c
humanhash:	victor-angel-arizona-seven
File name:	Payment remitted.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	435'200 bytes
First seen:	2020-05-11 19:54:10 UTC
Last seen:	2020-05-11 20:47:25 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	be42d6107072948690efe619381545f8 (4 x NanoCore, 2 x AgentTesla)
ssdeep	6144:fr+t9j+GP9NW4dble28ZLOS3+pVoEhZPJ5EW/R0xfZBS44x+SWbNdvK8Y:je+oNWyY2ELOtbR5EWufZBS44sLbbY
Threatray	11'605 similar samples on MalwareBazaar
TLSH	28942209DBF60A76D8095877AF135E086312F4E1AE0E2F234B10CD9EF4766975DA0A07
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

2

# of downloads :

83

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-49

PUA.Win.Packer.UpxProtector-1

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-6

PUA.Win.Packer.Upx-4

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-11 11:35:03 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ypmkfx2q375p5ivdqvuvzok6knf3wfwdzszcm5oy6hgebxkljo5a._file

Verdict:

malicious

Label(s):

agenttesla

hawkeyekeylogger

Similar samples:

09b0e2a84a8e7165c5a3b23efcd53cde0a7090e1ebe09a86cca86c33f7c39290

2b80556f6cd49c291e54b1f0d7d3f15664958412ea6d2c36273e356de9081966

32f1988136652091a902ab7c0238d9cb5ee033fe10a83e22f760150a2fa38676

3c2d8f447c9bf0c0f88addeed6865b86fd1927c23c71dd551251704813f42a23

6a5bf81d82a8112290a0eef40ece993c13143ad63feb1b4452528187a98627b0

9836dae82868c0e7f17114f7fe63e0f5b94f8e99e0c597f43ae12a365458ff69

bb4c95b7c979b3b470fb57f03044950d1340aa7707f5a734aa5b1d21e07c2459

d7f11cc278c20baf70df2e5c59d06532b9164e894fcab195d6e5bc69ccf3af70

ecf0a8a19a7ac332b6443616cab0109078c01d6d202a2eae337486e2fc388414

f961b3aec87937a824418177759ef0fcff251770db2104664ce964c51af85621

+ 11'595 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger persistence spyware stealer trojan upx

Link:

https://tria.ge/reports/201109-ctrydmpp36/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies service

Suspicious use of SetThreadContext

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

UPX packed file

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe c3d8a2df50dffafea2a385695cb95e534bbb16c3ccb22675d8f1cc40dd4b4bba

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample