MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ee3ccc5e44ba8a78e9555dc582e5cf75427c95a24afba1aaae2f365fd97feef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4ee3ccc5e44ba8a78e9555dc582e5cf75427c95a24afba1aaae2f365fd97feef
SHA3-384 hash: 0b55d21f679638e2d8793af62fa571e83bec7b3ec9041890f5ba589a336d7d32d240f1c2f6dcc37a5d7d3ac42037a807
SHA1 hash: 570d604cce31a3adff4175759c495046e356639b
MD5 hash: 728f297e32eda1427ba0ba1e22fe1d7f
humanhash: alpha-freddie-snake-orange
File name:Documentos.PDF_______________________________.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:863'232 bytes
First seen:2021-01-07 17:46:21 UTC
Last seen:2021-01-07 19:51:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (49'070 x AgentTesla, 20'026 x Formbook, 12'352 x SnakeKeylogger)
ssdeep 12288:QZ9bAATXhGz3CgLtJ79MEhTDRwyePuXNTYVaUTVyDB6y3l+1cUjj:QZ/TX45pDDRwyc2NT3oyV53CcG
Threatray 6 similar samples on MalwareBazaar
TLSH B405CF5093A96BB0F5BE873CA4BE000197F4E1C1D366DB3E7EA160ED1652342E971637
Reporter abuse_ch
Tags:AgentTesla DHL exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: productosysuministros.com
Sending IP: 190.60.208.82
From: Gerente de carga de DHL <Carlos.Vasquezs@dhl.com>
Subject: nueva notificación de envío de DHL
Attachment: Documentos.img (contains "Documentos.PDF_______________________________.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
221
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Documentos.PDF_______________________________.exe
Verdict:
Malicious activity
Analysis date:
2021-01-07 17:49:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f0138379-6be1-4fdc-89aa-8b0343bdc8c5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/110868/
Detection(s):
SecuriteInfo.com.Generic.mg.728f297e32eda142.15960.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/576091
Signature
Initial sample is a PE file and has a suspicious name
Sigma detected: Suspicious Double Extension
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4ee3ccc5e44ba8a78e9555dc582e5cf75427c95a24afba1aaae2f365fd97feef/
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2021-01-07 17:47:10 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j3r4zrpejoukpduvkxofqls465kcpsk2esx3ugvk4lzwl7mx73xq._file
Verdict:
unknown
Similar samples:
2b8fa632ea18de00ff38bf12f6170cb14a0aae7aca07bdf0907f7dafcf679afe
AgentTesla
423ce9320e357189663367f227063aaad82e4d61f35e4566621de49723d710fb
AgentTesla
5f671b1c0644745816b1ccb89f46eb2d7966feedae3d542d1565a7ebf0b6a5e0
AgentTesla
8428c5045d1fbd4ae7c0c020024e03ee55ac6c4116b4bd3dbcc4e9bf2580d727
AgentTesla
e51ad389e78c6265cc5bf18f7bc1533052cc247621c27892ea3120339461f8cf
AgentTesla
f7f5b14745f49ef2b4f846d53003caeecdfce9e4540db03febfd36b58cf1e805
AgentTesla
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210107-qjstbqgq9s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
b9b6d535abf61239b1412c99b36d9d4f8e65f89f1c7e5504482ce9fa59f884a4
MD5 hash:
bb267f9fa8a82d4a9f3d1df41047206b
SHA1 hash:
041d5a18c5321ccea15c1e8538f1eba88ac1c8ba
Link:
https://www.unpac.me/results/8b0577e9-2a7e-497e-a964-508b5756ef18/
SH256 hash:
78cc69e2bac1d1082fdcd12ab9f73c8fbe177d4c77c3741a1f675afc19fde7df
MD5 hash:
0d89407b450dd157f3eac8a3a3850a07
SHA1 hash:
ae3cd291f2a022360896d4fae4f005f2b50a8364
Link:
https://www.unpac.me/results/8b0577e9-2a7e-497e-a964-508b5756ef18/
SH256 hash:
a34623249beb195684361591654a1f6d0a45d5a1ce457159ab3c9120b504877c
MD5 hash:
26bb7e28807b4ddb73f9b50ea15d5ec2
SHA1 hash:
b104142587e8c0094bba35d6ebcc41eb20076696
Link:
https://www.unpac.me/results/8b0577e9-2a7e-497e-a964-508b5756ef18/
SH256 hash:
4ee3ccc5e44ba8a78e9555dc582e5cf75427c95a24afba1aaae2f365fd97feef
MD5 hash:
728f297e32eda1427ba0ba1e22fe1d7f
SHA1 hash:
570d604cce31a3adff4175759c495046e356639b
Link:
https://www.unpac.me/results/8b0577e9-2a7e-497e-a964-508b5756ef18/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4ee3ccc5e44ba8a78e9555dc582e5cf75427c95a24afba1aaae2f365fd97feef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 38e10422c689c52198608d44a38e7d9cc45b1b25ccb4331aa8cc5b8a5d594ad8

AgentTesla

Executable exe 4ee3ccc5e44ba8a78e9555dc582e5cf75427c95a24afba1aaae2f365fd97feef

(this sample)

  
Dropped by
MD5 5d6250d1d11a150cd2b2ac3c266073fa
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/110868/
  
Dropped by
SHA256 38e10422c689c52198608d44a38e7d9cc45b1b25ccb4331aa8cc5b8a5d594ad8

Comments