MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4100195b2a039c4612c9f9fc847470f49bf3e42978cb62fd24c8d9e8fd4324d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4100195b2a039c4612c9f9fc847470f49bf3e42978cb62fd24c8d9e8fd4324d8
SHA3-384 hash: d6556a80b80b82b44f14a0fcd1ad504513c96b8aee32fbc99dd61d8acad104b96e5011df473287b808562639384efc65
SHA1 hash: 98689343cbee4c0262310e323902b53fc9aa40b4
MD5 hash: 4933c238a449e717753f232aa9961199
humanhash: virginia-oxygen-michigan-november
File name:Invoice.bat
Download: download sample
Signature AgentTesla
Create hunting rule
File size:956'928 bytes
First seen:2020-05-14 05:03:20 UTC
Last seen:2020-05-14 05:45:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 24576:asNiOvJCfMSwcRqrqp33btASwnrf1v3h6Q3liS:asxOMkqrc33HgJv3l33
Threatray 395 similar samples on MalwareBazaar
TLSH 921501BC3164BAEFC81BC5B5CAA81C28F664707B530B9243955354ED9A0DA93CF284F7
Reporter abuse_ch
Tags:AgentTesla bat


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.aranzadi.es
Sending IP: 195.76.174.39
From: Robert Smith <ngocphung@invina.com.vn>
Subject: Invoice Attached
Attachment: Invoice.bat

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4300/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33838120.21414.25202.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 17:08:17 UTC
File Type:
PE (.Net Exe)
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ieabswzkaooemewj7h6ii5dq6sn7hzbjpdfwf7jezdm6r7kdetma._file
Verdict:
unknown
Similar samples:
025dd1259e4f221e25144622733ef5de70d4f6fdfd9ec3e23558529f2ba80fea
AgentTesla
1eee887b16c1d789c1869219de2609fbc29ef3ee0c0625f2907c71e9ba701daf
AgentTesla
21770aa286de38738ddaf3b4237a794ed43f858019f33ed5d2cc570de0ab0eda
AgentTesla
21dba41b37835f29fa4166786b44915d69109229a0fd19ee46d14cb2afa7c35b
AgentTesla
8ff2f39aeebe67fb77f29fed1cbdf9918dc2d3abbe924092f7b770eeb5c78ee5
AgentTesla
d3375fae6761e02b05ae0ca40938958b7b025f1072d989b3188ff46ec032505e
AgentTesla
dff01b9f8946ed3792fe4e32ae3f95834c892f16ca219dc99d78fd15064f82a2
AgentTesla
e4392c3867a7b38a96f352f3249358e0144717bde4adf6473e5f994904a98bb3
AgentTesla
f646b35153e14b1c060f94dfa4e3467165946dd9720b8ed63c2e8b144f132f22
AgentTesla
f982ec93d003591286335c98074fdbe2054d603de5211af961c670f50ac3437d
AgentTesla
+ 385 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla coreentity keylogger persistence rezer0 spyware stealer trojan
Link:
https://tria.ge/reports/201109-87ba2czxee/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
rezer0
AgentTesla
CoreEntity .NET Packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 4100195b2a039c4612c9f9fc847470f49bf3e42978cb62fd24c8d9e8fd4324d8

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/4300/
Cape
Cape
https://www.capesandbox.com/analysis/4299/
Cape
Cape
https://www.capesandbox.com/analysis/4297/

Comments