MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 140831c456eb79b85764ffe241d69f5c01b83af5ca6f124a8f9ef9399e0b648c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	140831c456eb79b85764ffe241d69f5c01b83af5ca6f124a8f9ef9399e0b648c
SHA3-384 hash:	60529eb8e2b0cb1cc6da5e9eeb9a06eddc07f8a3d64adb501b157b9a0bf021c9bd2ce1403eede1dd077618947cfaa2a7
SHA1 hash:	00ac2e06959c23697d4c22638e5647fbc33a542f
MD5 hash:	7c7e58852d000bd3320428d373341a9e
humanhash:	muppet-lion-minnesota-paris
File name:	Our New Order August 17 2020 at 2.77_PVV440_PDF.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	353'280 bytes
First seen:	2020-08-18 19:45:28 UTC
Last seen:	2020-08-18 20:48:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	6144:OP2eYNGdC7xRXoEoJpG1n6wYpmfzL2TjYwNcBvY3qbQMXThs:UJw7xT4E1n6PmzL2HBOXX2
Threatray	10 similar samples on MalwareBazaar
TLSH	C874230AA0D8CAF1CA957D7FF01936211320FF2FD553E49B748DEB25FB26A44629205D
Reporter	abuse_ch
Tags:	AgentTesla exe

abuse_ch

Malspam distributing AgentTesla:

HELO: ns1.net-access.net
Sending IP: 51.254.138.129
From: Jana Azih <jana.azih@getinge.com>
Subject: RE: AW: Our New Order/Enquiry No.00127
Attachment: Our New Order August 17 2020 at 2.77_PVV440_PDF.img (contains "Our New Order August 17 2020 at 2.77_PVV440_PDF.exe")

AgentTesla SMTP exfil server:
mail.beljemi.com:587

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/48088/

Detection(s):

SecuriteInfo.com.Generic.mg.7c7e58852d000bd3.15428.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Using the Windows Management Instrumentation requests

Reading critical registry keys

Stealing user critical data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/140831c456eb79b85764ffe241d69f5c01b83af5ca6f124a8f9ef9399e0b648c/

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-08-18 19:47:06 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cqeddrcw5n43qv3e77redvu7lqa3qoxvzjxresupt34tthqlmsga._file

Verdict:

malicious

Result

Malware family:

agenttesla

Score:

10/10

Tags:

keylogger stealer spyware trojan family:agenttesla

Link:

https://tria.ge/reports/200818-8nnqeqp7ws/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Eldorado

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/140831c456eb79b85764ffe241d69f5c01b83af5ca6f124a8f9ef9399e0b648c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img fea74e84d0798d828ff3870103092fbdaf131bb56ecd1c82dd98fc9ab2a89038

AgentTesla

exe 140831c456eb79b85764ffe241d69f5c01b83af5ca6f124a8f9ef9399e0b648c

(this sample)

Dropped by

MD5 4bcbe742abd609f3f60062092f299ce6

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/48088/

Dropped by

SHA256 fea74e84d0798d828ff3870103092fbdaf131bb56ecd1c82dd98fc9ab2a89038

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample