MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d02dcf0e19e572698e38df75c6e01bab4a26e4a5c76647c6b98e5db2c612ae0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d02dcf0e19e572698e38df75c6e01bab4a26e4a5c76647c6b98e5db2c612ae0
SHA3-384 hash: 49d165fdbab919711e9561cb2af55c84e583379a21f030dee27ac33b5af482ad08a4ed318bb02a1175c2fde893b07b0c
SHA1 hash: 4f800303d7d479be1afb099a5cd5531331c0da78
MD5 hash: 3ff1b56724394edb6d64b7f34dcc25e7
humanhash: crazy-mexico-ack-florida
File name:921009-2_Product_List_Specification.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:614'400 bytes
First seen:2020-10-13 10:42:25 UTC
Last seen:2020-10-15 09:38:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:Vgx93TOr2xw9AeW/dAMcOevFAm/c872i2IcKX2FTqxb0Ia5DrsiKuMF:ynjE9AeErcnj7907sTX
Threatray 467 similar samples on MalwareBazaar
TLSH EED46B4A3F926D0EFA2D4CB2C43D192CD250E15A7207F347D522A5D87E8EB6DAE021F5
Reporter abuse_ch
Tags:94.156.175.95 AgentTesla exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: Celine castellana <celine.castellana@corteva.com>
Reply-To: Celine castellana <autoreceive@airmail.cc>
Subject: New order/Fax
Attachment: 921009-2_Product_List_Specification.img (contains "921009-2_Product_List_Specification.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70405/
Detection(s):
SecuriteInfo.com.AdWare.MSIL.Testing24.19722.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Stealing user critical data
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/489554
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0d02dcf0e19e572698e38df75c6e01bab4a26e4a5c76647c6b98e5db2c612ae0/
Threat name:
Win32.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 10:44:08 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bubnz4hbtzlsnghdrx3vy3qbxk2ke3sklr3gi7dltds5wldbflqa._file
Verdict:
unknown
Similar samples:
119d234e1f826adac6d68a614251fb9d1a20a4368102068ea030731372546f3c
AgentTesla
150bca9ea5a4c5835f0e665b2db300d12a741b3a452c74678be7d0ee8236668f
AgentTesla
205cd594827a0ed3b674ffb492157d3b99b7dab529ba8da44249b236558f67c4
AgentTesla
3142e234938b7d0d3bccb3faada5555b00f9e5d8fe9fc7dba7efe07ae03e4d99
AgentTesla
4860cb79d48f09752c0eba163826c282307e9dbef708c480f2c48af61265d25f
AgentTesla
5306ccf8e071dfadc74127764af12ce26295dea128a1a73c93152fc4a5d47edf
AgentTesla
69fd68e42bf6c97d7d97134c248ced79cd81fe6b58873b3d31558bf4d875a097
AgentTesla
9cecd56c5d9b1ea083ef837edb999f89f1cc620c5923b81d33ddcbb857199018
AgentTesla
d0be07347ce319cbce0fa252c4a030834dafe118c2ea50a6e05951ecf06b20da
AgentTesla
eda68de6706516012cda72a22a1e9e089d85ad324f47768bb982eea97836fd8d
AgentTesla
+ 457 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201013-pf4j8c72ve/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
0d02dcf0e19e572698e38df75c6e01bab4a26e4a5c76647c6b98e5db2c612ae0
MD5 hash:
3ff1b56724394edb6d64b7f34dcc25e7
SHA1 hash:
4f800303d7d479be1afb099a5cd5531331c0da78
Link:
https://www.unpac.me/results/3a19bf5b-9f5e-4b5f-92be-1c616c64ba22/
SH256 hash:
32e85477679a33037cc561f227bd5c86a88ac42677d729d8871ff0968ef10da7
MD5 hash:
8951cfc8a2869476f2fad0ccd957c28b
SHA1 hash:
b57ede7aa84e4034bd1a858fda11cd3c5a7a2cb0
Link:
https://www.unpac.me/results/3a19bf5b-9f5e-4b5f-92be-1c616c64ba22/
SH256 hash:
3f60312ef107716cd598a4a334c6f8a871e8ad7d18fec965d73e892cf03c5d48
MD5 hash:
489d6f4f73eceeaeaa157eb79ba1bef2
SHA1 hash:
bef749a24403155caf73f7d84756146cbaaea4dd
Link:
https://www.unpac.me/results/3a19bf5b-9f5e-4b5f-92be-1c616c64ba22/
SH256 hash:
39ca22f14584b93cc5197e97a5739a6d780b899a06abfd4411ce6b41cfbfa87d
MD5 hash:
82dfad3a8a75aded52a41f2d66f7a490
SHA1 hash:
f7c4ebbde1d74755683dc9a0ca052d9a0993b460
Link:
https://www.unpac.me/results/3a19bf5b-9f5e-4b5f-92be-1c616c64ba22/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0d02dcf0e19e572698e38df75c6e01bab4a26e4a5c76647c6b98e5db2c612ae0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 7cec2738d29eee86d4d2efcc3e9b315079f8a28226122c7d89b64b70c0aa1e79

AgentTesla

Executable exe 0d02dcf0e19e572698e38df75c6e01bab4a26e4a5c76647c6b98e5db2c612ae0

(this sample)

  
Dropped by
MD5 109cf974d66f4d1f795b42805dce80eb
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/70405/
  
Dropped by
SHA256 7cec2738d29eee86d4d2efcc3e9b315079f8a28226122c7d89b64b70c0aa1e79

Comments