MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 344e623ca2c22240a52b952e83939f053675259b17f207cdd71453acab5d0060. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 344e623ca2c22240a52b952e83939f053675259b17f207cdd71453acab5d0060
SHA3-384 hash: 1ef36daa034d7eaa2863591dc58b7c88e1fd27ce7ced61245bfde2b7438fb23122f9964cb950ada434995dc595572935
SHA1 hash: 27e931684fcd9b09135adb36ddd97c56c3c5615e
MD5 hash: d3b8cc2d691ac9ef575f875a86b8abf4
humanhash: chicken-salami-spring-oxygen
File name:Order Inquiry#5500298678.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:447'488 bytes
First seen:2020-10-16 12:51:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 12288:CHFFAcbRpJumyQuDrM7L5vLJQu2hfBj9PnnpD:CHgaJuHDWU3
Threatray 148 similar samples on MalwareBazaar
TLSH 95946BB8AA47EE2DFB5E5CF3C8AC48215228705F4E4BF10754132BC87C3A5567AB20B5
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: Mohammed Aquib <aqiub@gasarabian.com>
Subject: New Inquiry RFQ#5500298704
Attachment: Order Inquiry5500298678.img (contains "Order Inquiry#5500298678.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/72013/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Stealing user critical data
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/493593
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/344e623ca2c22240a52b952e83939f053675259b17f207cdd71453acab5d0060/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-16 06:30:21 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=grhgepfcyirebjjlsuxihe47au3hkjm3c7zaptoxcrj2zk25abqa._file
Verdict:
unknown
Similar samples:
071ba6fa9eef804d528534c2fc314365ab5a4b2dcffdd90eb2bffaabc57ab987
AgentTesla
61a57f66dd47818dbde83c6b2eae0bfe5ecac215605e3fac4c4a2a30c270cc04
AgentTesla
6c66ed3a40b1964b2d4f5d86214ba8468e0313ae8f340bb91a8059f94318e47c
AgentTesla
7ce357f7c3475e91f3dd3880f4fbbaa6d50f7101044b8b24e2ca0ea70981286c
AgentTesla
c3cf7a61f0ab30656aa7dd49ad4888794833ac3ae9eaf61391c4940117a4fd7f
AgentTesla
c905064bb651ad48f6a67415f4b982254e6f816ff03b1f19d3da32da19a8d788
AgentTesla
d223c5d9e8c4529cf905bb3c777f6850b21babd5ef85cd270db5a9e760ba4e0f
AgentTesla
da283473a2f9bd5bb26dbe283b4d037f0992a8d87fbd6116b76505958394675c
AgentTesla
e8da65e395c309509563df99675f2ddaa5339b55fd944867a479ffc5d3639946
AgentTesla
ea4d8d060bcd85bdb08cc7bd4f510a8539e84119011abb56e9e0158432e4de54
AgentTesla
+ 138 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201016-5lqcczj3ls/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
344e623ca2c22240a52b952e83939f053675259b17f207cdd71453acab5d0060
MD5 hash:
d3b8cc2d691ac9ef575f875a86b8abf4
SHA1 hash:
27e931684fcd9b09135adb36ddd97c56c3c5615e
Link:
https://www.unpac.me/results/27caf463-93cd-42ac-aaaa-1e3b06f1884e/
SH256 hash:
7f564119302a7274972d471851089c8cd8441f484d71519d460c5f06678eb314
MD5 hash:
ef1e39d1f6a3b9d7e3ac8e59f5b9b045
SHA1 hash:
6cbec30ed54d80cd2ac1f415fad03e8fc32ce81c
Link:
https://www.unpac.me/results/27caf463-93cd-42ac-aaaa-1e3b06f1884e/
SH256 hash:
a26bff8b5c724f1bc557738407ee9aaf587200740a1092e90f4f6ee0677a5602
MD5 hash:
9acc32d32c080711174c9050ac43febf
SHA1 hash:
7406380b59bee81e0c458f57b05e9b26506c3b7f
Link:
https://www.unpac.me/results/27caf463-93cd-42ac-aaaa-1e3b06f1884e/
SH256 hash:
dda29a3344bc5d389c1a09ba2fca0c46285f2309d767362e01c1ed257d46dfa2
MD5 hash:
4a9cc8fbfac3e5e8c93038a874590c45
SHA1 hash:
86a39e5c6997d27c5a8687c9f16c104e3855a38a
Link:
https://www.unpac.me/results/27caf463-93cd-42ac-aaaa-1e3b06f1884e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/344e623ca2c22240a52b952e83939f053675259b17f207cdd71453acab5d0060

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img c3b7f01081c49e96478efbac13f2fa60fbfa49a15f432b5abeba1aa02f9fd651

AgentTesla

Executable exe 344e623ca2c22240a52b952e83939f053675259b17f207cdd71453acab5d0060

(this sample)

  
Dropped by
MD5 52748efdef306976288e62adde236bff
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/72013/
  
Dropped by
SHA256 c3b7f01081c49e96478efbac13f2fa60fbfa49a15f432b5abeba1aa02f9fd651

Comments