MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6f512cfa75e700baf5ca97be34d3b8dc03f4459dd2c11b018ad18d68140a988. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6f512cfa75e700baf5ca97be34d3b8dc03f4459dd2c11b018ad18d68140a988
SHA3-384 hash: 3de76bc98e3b68d057685d4d57629b855fe311518af2567ebff055d2675d70b5346a099819a97bfc1b1d436e4168ea4d
SHA1 hash: e6f20e30984d7dcac48188e59414d3516c674d64
MD5 hash: 354ed8884c3a40a6b7c617af1bdadcc7
humanhash: four-echo-potato-nine
File name:Receipt for Order #1144.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:407'552 bytes
First seen:2020-05-25 13:57:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:xrcgF/w83UJRgIjCoV8XSX69DAyXWu+fGCm:gXbtD0T9E6+fu
Threatray 160 similar samples on MalwareBazaar
TLSH 5284122DD3ECA92FCA6900FAF05AC14427F5B75AE1D3E7C94D81F1B99A433A18932117
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: seedmech.com
Sending IP: 209.58.149.65
From: Mainkar<vijaymainkar@seedmech.com>
Subject: Re:Fw: Purchase Receipt for Order #1144
Attachment: Receipt for Order 1144.rar (contains "Receipt for Order #1144.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:36:54 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
2176a0e2b600d06c89a8ebeeea19444df5a5ede09639af04f88d734b7fe01633
AgentTesla
24ba43e08e645a71b01db7cd77883fd1aa4c21e834f45c4f690768ed28c23552
AgentTesla
4850ce25c3caf99fc7f558ec6666d08c43d69ed4e1be9a8fd37f289db69561ab
AgentTesla
642ce48af8f6fb3c7a74225655ef59a92e7cd4fcb98dc4af02359fb3490a9c55
AgentTesla
6cacb53730640ce58bbb9c5bc6c6d39b5ea9c7a0d21eec9ce131f82c0e159361
AgentTesla
89c3a9a4a75c80b3552df2a5bda935056bc3a55a6f76b264645593cb966e2b74
AgentTesla
b3088a313a00c6774cb853379f427ffaab01a528a4561f814e2c7af24e5bfba2
AgentTesla
c4a2c8397cfa4f7f16a317aad541b6c48e35c4420249f702b2c6f01faf66ef61
AgentTesla
d807dcfd04f5d5eac71522a29a6911c504039edb6277ba9b35953ca9f5fcef8f
AgentTesla
e836f76c716c021e89d19ee4e4456e04b04b1041fe04fdaa6ac7523d35ef3b60
AgentTesla
+ 150 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla coreentity keylogger rezer0 spyware stealer trojan
Link:
https://tria.ge/reports/201109-3bna85e9k6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
rezer0
AgentTesla
CoreEntity .NET Packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 218039feff62488500b1e17239a11b1b932de7b3a720bb597ba8ec3fdb33f97b

AgentTesla

Executable exe e6f512cfa75e700baf5ca97be34d3b8dc03f4459dd2c11b018ad18d68140a988

(this sample)

  
Dropped by
MD5 58e7615b07069f6ad201b36ed28403d0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 218039feff62488500b1e17239a11b1b932de7b3a720bb597ba8ec3fdb33f97b

Comments