MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d21f5fcd18544952bb7012782c68b9ab3f89f1d4ee154564eafc32cce59e1ada. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d21f5fcd18544952bb7012782c68b9ab3f89f1d4ee154564eafc32cce59e1ada
SHA3-384 hash: 2c346355b72e6db89df5006b9f2e70ce67a682915fb4125c4c91e2d81e938f698fb439479a180fba6051fbc122de7e09
SHA1 hash: 83e5d5220ca60dc0724e1744b1b9a7f6a9257dac
MD5 hash: 8bb23bc13aa4acd4dec0f2a6c439d6c8
humanhash: arizona-winter-floor-georgia
File name:file.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'071'552 bytes
First seen:2020-05-13 05:58:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 49152:GWMInZKN7evekZOrG9lDH22xbcnKflpDC/OI9uoCfRxnm:9MIn1JESy2ROojI8Hm
Threatray 979 similar samples on MalwareBazaar
TLSH A8A5F140E5049CA9FC1A5B75983BCC394227BE3EEDB8910E396DF2255BB33C2146AD17
Reporter abuse_ch
Tags:AgentTesla exe geo KOR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: bioska.sk
Sending IP: 95.211.217.177
From: 조은애<info@bioska.sk>
Subject: 신규 공급 업체에 대한 문의
Attachment: file.gz (contains "file.exe")

AgentTesla SMTP exfil server:
smtp.ge-lndustry.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 02:27:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
15
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ipv7tiykrevfo3qcj4cy2fzvm7yt4ou5ykukzhk7qzmzzm6dlna._file
Verdict:
malicious
Similar samples:
13dd79b77c2ed2ba77d509e2d3b4621e83f7105674353f7e30930e07b099bce5
AgentTesla
3ecc7f6abd145158004019c01e8f8f7e56c2bc3d9b4625a3fe2e1eee470a7dd8
AgentTesla
5136cc442f7ff2a99cb5c3c64c0419d23a3aba57f7389af3a758615eb8b6d26b
AgentTesla
6033acde8c4bde98b22ad4e45db8bc34123e794019b42750a3430ba97e33c804
AgentTesla
6b946bb613a85c620302f21a45e55e1cf87fa06941df163aafcfbfcecb580276
AgentTesla
8978b5eb14061436a8d2249f9c92ac75d8307c83a09ea7aa3e6572f704b4335f
AgentTesla
ce79965e4d06eb68644640f4a9396de4cb4e3299d0702e494c045fc07ae03931
AgentTesla
d08aead15f73a995edb3859145a359316117d4b82d2c5a0f4a5b599eba28d263
AgentTesla
dbdbfa24b62d54b1624dac7d07bd939677342c820867b0d8993f0ab95af3d342
AgentTesla
e0cea593cef95fc3438ec707ef6d293c3189c3a3144a389f790cccfaec770759
AgentTesla
+ 969 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger coreentity rezer0 spyware stealer upx
Link:
https://tria.ge/reports/201109-khhx8dbass/
Behaviour
Creates scheduled task(s)
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz f8ca530f4657f07d58a30c87d7779ae6dea8a47fd13367515ab55e88ba958133

AgentTesla

Executable exe d21f5fcd18544952bb7012782c68b9ab3f89f1d4ee154564eafc32cce59e1ada

(this sample)

  
Dropped by
MD5 f51e8158010acf1ad67e52c501e693fb
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 f8ca530f4657f07d58a30c87d7779ae6dea8a47fd13367515ab55e88ba958133

Comments