MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39de25e17b998dba7b9565f8d07a44053f34cf1a8eebae01954b1959a6422b80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	39de25e17b998dba7b9565f8d07a44053f34cf1a8eebae01954b1959a6422b80
SHA3-384 hash:	544556c38e95e0fe79f0ae5de3094e8ea67a62d1d707120cef8f6c94a7475da3e01c3a3b22ce665d1593d71c1726ac68
SHA1 hash:	1de55f5a9a8c87cb46460f9656caafee6e70ad13
MD5 hash:	4438bacfd1d549c0eaf3401dd343fa32
humanhash:	winner-neptune-berlin-speaker
File name:	NEWPO-010442311.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'094'656 bytes
First seen:	2021-02-22 13:39:50 UTC
Last seen:	2021-02-23 06:34:00 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	12288:EahIQQkB/rmPL6cqrhLS0BUlscjl9FKRvGNmjL7eIY0cvnnvknlrIEqyHk1muhuY:E4zULudU7l9FK8gjLaG6nEIH7Z
TLSH	78351751221C6F5FF43F933951A71AAF63F2E916E311D90EBCD822DF4921F808B95A12
Reporter	abuse_ch
Tags:	AgentTesla exe

abuse_ch

Malspam distributing unidentified malware:

HELO: cpow.com.kh
Sending IP: 155.94.185.117
From: Ms.NANTAWAN TOCHAROEN (Tom) <nantawan@cpow.com.kh>
Reply-To: ino666@yahoo.com
Subject: RE: NEWPO-010442311
Attachment: NEWPO-010442311.rar (contains "NEWPO-010442311.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

124

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/118331/

Detection(s):

SecuriteInfo.com.W32.MSIL_Kryptik.CPN.genEldorado.8169.31774.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Sending a custom TCP request

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/614165

Signature

Machine Learning detection for sample

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AgentTesla

Yara detected AntiVM_3

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/39de25e17b998dba7b9565f8d07a44053f34cf1a8eebae01954b1959a6422b80/

Threat name:

Win32.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-02-22 13:40:11 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

14 of 48 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hhpclyl3tgg3u64vmx4na6seau7tjty2r3v24amvjmmvtjscfoaa._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210222-74w51kejx2/

Unpacked files

SH256 hash:

e624003658c4f8b349f567c82229fd15d1e63d3d20fe6f7b4388403038cd2a44

MD5 hash:

b6ce7c1d81b9271eab825ea63de154c3

SHA1 hash:

0e7b89555314f8908c1098b652c9bf50e5ecc27b

Link:

https://www.unpac.me/results/3d84570c-efd1-4216-a439-c483dcbc28da/

SH256 hash:

39de25e17b998dba7b9565f8d07a44053f34cf1a8eebae01954b1959a6422b80

MD5 hash:

4438bacfd1d549c0eaf3401dd343fa32

SHA1 hash:

1de55f5a9a8c87cb46460f9656caafee6e70ad13

Link:

https://www.unpac.me/results/3d84570c-efd1-4216-a439-c483dcbc28da/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AgentTesla

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/39de25e17b998dba7b9565f8d07a44053f34cf1a8eebae01954b1959a6422b80

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2f1b06ddffa8edfd4b861e9f76825eb0cc4a21402fc013f29be061526a7764e3

AgentTesla

exe 39de25e17b998dba7b9565f8d07a44053f34cf1a8eebae01954b1959a6422b80

(this sample)

Dropped by

MD5 d2ff208ab300b030412d8b20d5a02c97

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/118331/

Dropped by

SHA256 2f1b06ddffa8edfd4b861e9f76825eb0cc4a21402fc013f29be061526a7764e3

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample