MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d290c553a74997c9e3c6fb11f2f369daf4dea8dffa9499b3c58fe92073ddd36d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d290c553a74997c9e3c6fb11f2f369daf4dea8dffa9499b3c58fe92073ddd36d
SHA3-384 hash: 1e1c930048408bfadb8e6c9611c8fff211ee5e187f2e0c8ab6782955ea5f027a0435f159f1489035127e794890ff0452
SHA1 hash: 08ff4b9f554b28770d7c6dcdaa31b7c28becd2e2
MD5 hash: 4c4c28ad52251151290caf58567459f6
humanhash: indigo-louisiana-bluebird-moon
File name:Shipping Documents.pdf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:519'680 bytes
First seen:2020-06-25 08:14:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:tProBHezAsZvgBPNCeF9A25oYcEO8nyKme:hopeyBP0eI25oYPyVe
Threatray 108 similar samples on MalwareBazaar
TLSH 35B4F104236C8F99D5BE8379E0E2205483B88503615BFB5AAFD179FD2DE37E1840B667
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14017/
Detection(s):
SecuriteInfo.com.Generic.mg.181bf63f744587d9.5579.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Using the Windows Management Instrumentation requests
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d290c553a74997c9e3c6fb11f2f369daf4dea8dffa9499b3c58fe92073ddd36d/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2kimku5hjgl4ty6g7mi7f43j3l2n5kg77kkjtm6fr7usa4652nwq._file
Verdict:
unknown
Similar samples:
035257ae0a018773a432a265b22973d106cca4440d036db259372840a18bf25a
AgentTesla
077bed35106dd8173082a4e4eddb5bcbdbd8d8bd9557de83d89ddb4b5da40b5e
AgentTesla
080dd774b0a6831dda34dc5eb8eb7f6e7f886407cf5a9ef0a47a819bb072c829
AgentTesla
40afcc6e1d0b2d6184ac09a8dfcfef7298dadbe2bc7abf9f6734c5358fdcd9d1
AgentTesla
7039f9766e215e062bb06afd3136a52616154b87eaddda81923a664a4ce2e40b
AgentTesla
bc1fe9a18fa14134b8a864f83aafe096bdb62d4355024b906ea78dbe2fa3b0fb
AgentTesla
bd06d782b92aa3a26b476fb5f8c89127d8c663b6a78b40cc62bf17975be348d5
AgentTesla
d191e42d3944f8837d148ddd357df361c1147f885e2210fe0dc22390a7deb3a5
AgentTesla
d4898dcbdd4c0c1789c223c276f1e1b378f34b69cd653ad9b49a330229d25527
AgentTesla
fd0cd831a2b4aaaf931179f6306bd0f77984640e9216b0adb7e172d471877954
AgentTesla
+ 98 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
spyware keylogger trojan stealer family:agenttesla
Link:
https://tria.ge/reports/200625-br9x6mpxq6/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Reads data files stored by FTP clients
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 1e765a9b2cd4c915bae39ce72939abc3b2317ddbbba8b0ecc6c601a9789c84e9

AgentTesla

Executable exe d290c553a74997c9e3c6fb11f2f369daf4dea8dffa9499b3c58fe92073ddd36d

(this sample)

  
Dropped by
MD5 7a368cfa4bc2d8230035ce48fc9350dd
  
Dropped by
SHA256 1e765a9b2cd4c915bae39ce72939abc3b2317ddbbba8b0ecc6c601a9789c84e9
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/14017/

Comments