MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3608788a7ca7ee88aa507cc28e1a5cf3d4c49dae62ba14933085fa7197ae7841. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3608788a7ca7ee88aa507cc28e1a5cf3d4c49dae62ba14933085fa7197ae7841
SHA3-384 hash: 3804045f5821c68faf9d3b0a24148960a90853f5533a787d368609d7445352690fdb8811dd17980e121074b7340850e2
SHA1 hash: 17acf3f947f1c13d39a6eaeb4c7b1a84ab06ad09
MD5 hash: 1605bf6008e284245023fca26ccd4673
humanhash: kilo-magazine-london-emma
File name:RFQ12ZAI_pdf.scr
Download: download sample
Signature AgentTesla
Create hunting rule
File size:880'640 bytes
First seen:2020-06-02 12:03:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:07HHscVmktyRyI4OmcO4lyBjbOre0fWnN+lSy5H2OzT3MqYIrLp4fsN4Jn:0zMrktbzcNgjjEeMJcn
TLSH 3D157AC8FE16F18EC41690F1DA9ECD2CD910EEA9530A5E02A10BF359693D45ECEE85F1
Reporter abuse_ch
Tags:AgentTesla scr


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.belflax.pt
Sending IP: 85.204.116.188
From: Shouneze Le Grange <Shouneze@eisenberg.co.za>
Subject: RE: EISENBERG ORDER
Attachment: POEsienberg_pdf.img (contains "RFQ12ZAI_pdf.scr")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 12:37:02 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gyehrct4u7xirksqptbi4gs46pkmjhnomk5bjezqqx5hdf5opbaq._file
Verdict:
unknown
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla coreentity keylogger persistence rezer0 spyware stealer trojan
Link:
https://tria.ge/reports/201109-673jwe7cfe/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
rezer0
AgentTesla
CoreEntity .NET Packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

fa16921c334539e800a9a041bee6d51e

AgentTesla

Executable exe 3608788a7ca7ee88aa507cc28e1a5cf3d4c49dae62ba14933085fa7197ae7841

(this sample)

  
Dropped by
MD5 fa16921c334539e800a9a041bee6d51e
  
Delivery method
Distributed via e-mail attachment

Comments