MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d08aead15f73a995edb3859145a359316117d4b82d2c5a0f4a5b599eba28d263. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d08aead15f73a995edb3859145a359316117d4b82d2c5a0f4a5b599eba28d263
SHA3-384 hash: a6c4175fd949fc9a992df4bd37f6d4d5881214be7b72c2fc0462e6cf08f6114025fbfecb4a33378fafe8a9c915e47cb4
SHA1 hash: 89e7f1596f3a87fa73fefce73b669845822263d4
MD5 hash: b0acdfae9280faed7dd513708d8de5e7
humanhash: kilo-shade-foxtrot-william
File name:68793.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'694'208 bytes
First seen:2020-05-13 11:08:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:4Edr8iPy5jkcP41KCkmyPHiJCNJPtnTJu/hn7NDf/r9rV19X/6rW9P7:44HyVkcPwrv8wC3tnTEZ7NDfNVzxp
Threatray 1'024 similar samples on MalwareBazaar
TLSH 9B7533795B4C1E2FCA8E6AB28264542CA3F58E6AE9C7F78CACC473DC15757D00122D83
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: bioska.sk
Sending IP: 95.211.217.177
From: 赵恩爱 <info@bioska.sk>
Subject: 询问新的供应商
Attachment: 68793.gz (contains "68793.exe")

AgentTesla SMTP exfil server:
smtp.ge-lndustry.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 08:57:06 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2cfovuk7oouzl3ntqwiuli2zgfqrpvfyfuwfud2klnmz5ori2jrq._file
Verdict:
malicious
Similar samples:
13dd79b77c2ed2ba77d509e2d3b4621e83f7105674353f7e30930e07b099bce5
AgentTesla
3ecc7f6abd145158004019c01e8f8f7e56c2bc3d9b4625a3fe2e1eee470a7dd8
AgentTesla
5136cc442f7ff2a99cb5c3c64c0419d23a3aba57f7389af3a758615eb8b6d26b
AgentTesla
6033acde8c4bde98b22ad4e45db8bc34123e794019b42750a3430ba97e33c804
AgentTesla
6b946bb613a85c620302f21a45e55e1cf87fa06941df163aafcfbfcecb580276
AgentTesla
8978b5eb14061436a8d2249f9c92ac75d8307c83a09ea7aa3e6572f704b4335f
AgentTesla
ce79965e4d06eb68644640f4a9396de4cb4e3299d0702e494c045fc07ae03931
AgentTesla
d21f5fcd18544952bb7012782c68b9ab3f89f1d4ee154564eafc32cce59e1ada
AgentTesla
dbdbfa24b62d54b1624dac7d07bd939677342c820867b0d8993f0ab95af3d342
AgentTesla
e0cea593cef95fc3438ec707ef6d293c3189c3a3144a389f790cccfaec770759
AgentTesla
+ 1'014 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
coreentity rezer0 family:masslogger spyware stealer upx
Link:
https://tria.ge/reports/201109-tfled665kx/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3ae17874e90f4cd46cf4af6bb5387be460ddbbd9243cf0a03e9a5250edffeacb

AgentTesla

Executable exe d08aead15f73a995edb3859145a359316117d4b82d2c5a0f4a5b599eba28d263

(this sample)

  
Dropped by
MD5 e066ad13d8988481aa2113eb1ffbdb9b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3ae17874e90f4cd46cf4af6bb5387be460ddbbd9243cf0a03e9a5250edffeacb

Comments