MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ae84e98f262ec1d2a85e041ff786ff580bb8e9e101481d6928857602f81f16a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ae84e98f262ec1d2a85e041ff786ff580bb8e9e101481d6928857602f81f16a
SHA3-384 hash: 625e37c32a21c79595c0c5e9797c526bd594c4d8cdc542606cc9c41218c1d73445f80cb4c749028a2bcb398151e38798
SHA1 hash: 5eac6d9a81f17455ad763305d9927722de66be35
MD5 hash: d020ca1d4c618bb18e21e9f46bd5763e
humanhash: ink-beer-leopard-blue
File name:order list.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:433'664 bytes
First seen:2020-06-19 13:55:15 UTC
Last seen:2020-06-19 14:43:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:Xq12UOQaV2GxIC1nd8AV92xL9muMpDkcjnQBPgXxJQU5WufDZaB/HSSxp9Bo:RUGxIC1WG2x8u8kQnQFQfpDZ7YXi
Threatray 24 similar samples on MalwareBazaar
TLSH 3794018D92E88020F526A3FDECDA345313A4F065DD52EBA82F4636F35C2ABC1CD54A57
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: serve0.lumoss23.pw
Sending IP: 142.11.213.201
From: Mr. Jose Landeros <hr@lumoss23.pw>
Reply-To: francesco.giordano@giaguarospa.com
Subject: New Order
Attachment: order list.arj (contains "order list.exe")

AgentTesla SMTP exfil server:
mail.navarronavarrosl.com:587

Intelligence

File Origin
# of uploads :
3
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9563/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gc.29664.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 13:57:04 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hlue5ghsmlwb2kuf4ba766dp6walxdu6cakidvusrblwal4b6fva._file
Verdict:
unknown
Similar samples:
0b33dac5aa5963fc19e2db868690d76e0655d2bc6f1801eca5e1f26d903c16b0
AgentTesla
2580c9b3595a33f6f0cf4565dca85a884d2aecf8f4324f61a81f02fb4a68ae20
AgentTesla
26f9c482fd452faa690d8a0ed01e9962d8850b343af8a59a6817852c6e71f6f6
AgentTesla
2c1988b65fec7b60932b4ecdd808c99f026ef9e6e97244b56ebbe629a22c1e4d
AgentTesla
2d52f8dfee7a708fec8ddfd1d6634c278ce495b703e48abd1a5436473b550926
AgentTesla
49f8a53df63b928f15cf73f136aa4da17d47456f15a875ec68f6441f0ab476db
AgentTesla
54733b1af96fc6623b68b41df3bf4ea03ad0565ccf128d5d27339b8e5d003018
AgentTesla
765d8bb97b56addf0b725b4d289e6a73e8d5d80f74cf694d0831507690cfc8d1
AgentTesla
b847ee42e6237b9e237bb9a762cd3f03a1da2d4a826cc395267bcfc74d0ccea7
AgentTesla
db118a6acd60d50797efccfe1088cd6c4df1ded228d3d85bfac9ea1598aaf4ec
AgentTesla
+ 14 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/201109-yj14pxfeb6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj 9d15000a5e83152412aa6435b234daa6c686ab80c64bea576284541b32b67408

AgentTesla

Executable exe 3ae84e98f262ec1d2a85e041ff786ff580bb8e9e101481d6928857602f81f16a

(this sample)

  
Dropped by
MD5 ad9a5f1a6d47aa95fcecf6894ead3c5c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 9d15000a5e83152412aa6435b234daa6c686ab80c64bea576284541b32b67408
Cape
Cape
https://www.capesandbox.com/analysis/9563/

Comments