MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50d83791145d6b09c47fc90279d568bff571181c97d9dad9ab63c3e9c9b935af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50d83791145d6b09c47fc90279d568bff571181c97d9dad9ab63c3e9c9b935af
SHA3-384 hash: 09d107d7aeec49193b352b0b354b22159658eec338ec452dbed5f3de3823f799d4c27ad10166800a19fdbcfd7f034793
SHA1 hash: 8893f60b6a153f0e92f0e7a386a91d8bb28a35de
MD5 hash: 1a805b9b1977259445dbfb5006b4b730
humanhash: angel-asparagus-sodium-arizona
File name:IMG-74565456789876789876545678-2345987.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:522'240 bytes
First seen:2020-08-18 08:48:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a9faaf32646a3afd481c4ac664821756 (4 x AgentTesla, 1 x AZORult, 1 x FormBook)
ssdeep 12288:J+b5Gcfr1qPb4DwqLukbRrmDffvrMaP0fFBlf4O:Mb5GBi9bxmD3vJ6F
Threatray 10'210 similar samples on MalwareBazaar
TLSH 01B4D0B9F680CAE6C0A647327216DF7411377E392F75B10B3B443AA73D728AA8415F85
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ct13632.vservers.es
Sending IP: 188.164.194.49
From: cuentas <cuentas@frutasyverdurasbernimabel.com>
Subject: Re: ConfirmaciĆ³n de aviso de pago
Attachment: IMG-74565456789876789876545678-2345987.IMG (contains "IMG-74565456789876789876545678-2345987.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/47607/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a file
Running batch commands
Modifying an executable file
Sending a UDP request
Launching a process
Creating a window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Forced shutdown of a system process
Stealing user critical data
Unauthorized injection to a system process
Enabling autorun by creating a file
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/50d83791145d6b09c47fc90279d568bff571181c97d9dad9ab63c3e9c9b935af/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 14:28:05 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kdmdpeiulvvqtrd7zebhtvlix72xcga4s7m5vwnlmpb6tsnzgwxq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
2797fabdb7ec8843947933f792ef8db22cc3bab5e06f8204ab4697acd0a04d55
AgentTesla
2b5d96d018098da5990f2d6d721ab925efd4422c13cccf031775b6fddd5f801e
AgentTesla
464e7363198201699fa0503be713d1776fb07eefc63830cd08494f26ec93ba8b
AgentTesla
574f46006cfd1caa512756f6a27e6ce2140124d77f1a979c2c12d0d63652cd5c
AgentTesla
66178c5a45af58b7b0710d3867d501cbef090c10817fd1ebf5555477c2c32098
AgentTesla
8433ac6d87185d65251a833f4f37ac4095395d2751da1ff95e8d9d4e53656480
AgentTesla
91c8f2961875cc9e46f40ea917b6d83c45301926d88bb8a0af857f3caedcf8bc
AgentTesla
cac726f6b0bcb60af61033a9a59ae886ee7466f65e20185cd44be43c80386e7d
AgentTesla
d3dc0fad4580b2c3d0f5bfe27fd99d66b20f2a2c65c219218f9e6628a9df5d2b
AgentTesla
d4ce64cdc542c8733eb5b0445875887874d467ee1f13ef1a2bd6e7d568d3f97d
AgentTesla
+ 10'200 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
keylogger stealer spyware trojan family:agenttesla
Link:
https://tria.ge/reports/200818-7vx14dnjk6/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 86bf67ae096a12f9c7d1d38c03d8f2c5c3e165005253bb63bf3afbea83de8a92

AgentTesla

Executable exe 50d83791145d6b09c47fc90279d568bff571181c97d9dad9ab63c3e9c9b935af

(this sample)

  
Dropped by
MD5 d88e9a728da9f2f284ba409a82023fd2
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/47607/
  
Dropped by
SHA256 86bf67ae096a12f9c7d1d38c03d8f2c5c3e165005253bb63bf3afbea83de8a92

Comments