MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2733ea44252147c755e8214184d8740fcab0ca6de317b5fbd8f34021d97cd5cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2733ea44252147c755e8214184d8740fcab0ca6de317b5fbd8f34021d97cd5cb
SHA3-384 hash: a550d7b3d5843fe65c9ccc92dbc8fe59e627199bceb7eed77c22d903cba754026af5d1af92983b7abd0bf0f3e88bf4ae
SHA1 hash: 50ea06e61d97823b9e6a24334ac33871879e38fe
MD5 hash: 7067607adedc392a64e881bfb5e3fa58
humanhash: emma-wyoming-island-washington
File name:new inq.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:441'856 bytes
First seen:2020-05-23 11:39:19 UTC
Last seen:2020-05-23 13:13:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:AEXxA8xJRVP0K6EK1664g2vwJBpfsNxg8MATGDQ:Bx6KEKgLBpggnATGD
Threatray 33 similar samples on MalwareBazaar
TLSH 279402052298A27FC82DAB792574540207F6AD576647F30D8FD6F1EA163E7824B08EE3
Reporter abuse_ch
Tags:AgentTesla exe HostGator


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gateway30.websitewelcome.com
Sending IP: 192.185.152.11
From: Jenny Gomez <janny.gomez@eurasiaintrading.com>
Subject: Confirm Availability. Inq wada
Attachment: new inq.rar (contains "new inq.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Hosts.47613.12622.1826.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-23 12:36:20 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
14d4fd8fdb6aa9a2eacda7af2d11de9edbd45ef996d0ec59c03bb6b3673726ed
AgentTesla
4dc2d208eac6249c467cfa21ddaf785e6259b24fcccb2d9d761a3161284074ef
AgentTesla
54c49492eed556235b60ded21c2aa081178c56b28d3e4681ea253540c6c4bc96
AgentTesla
65cd6807556189c85811f11fb91a981749e7d9760e5a72c0845dd6b8ff93a8f9
AgentTesla
73878e34b785ba5dd951e4af104d6f68416b07f487584a1963c5b63913615eb3
AgentTesla
7819bc5124f6f638efe153d2ece14626cc81f07cd499747653f62764ce618002
AgentTesla
7f739c5eac76d496c71d9a0b24abe3d9990adb95321a1145eff1f3e68e3c4745
AgentTesla
8c2902a9b405c863c7bd977dc8fe8477c8eebe4a46dc336a6e6f9c1bca5f91df
AgentTesla
9751e85e80d56c2d8c0e1e9614117728d02ffb3d5733d2a172a7f24bfc468a51
AgentTesla
f96f26859a0e34567a6042ef891e59c27a62f6630d9211be0bbbcac749efe988
AgentTesla
+ 23 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/201109-bb92rwa3tj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c0feea40d82f6b56fc615219d7d4090ea265d2d84cb475722ff0bd309e2b325f

AgentTesla

Executable exe 2733ea44252147c755e8214184d8740fcab0ca6de317b5fbd8f34021d97cd5cb

(this sample)

  
Dropped by
MD5 ab3ce387aa6f88a4bda4d5c3a607c603
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c0feea40d82f6b56fc615219d7d4090ea265d2d84cb475722ff0bd309e2b325f

Comments