MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62da90f49f3a05c5daeb2b9a5edafa5e67cb8e2b32929ce7cb800a706af1d99f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 9



SHA256 hash: 62da90f49f3a05c5daeb2b9a5edafa5e67cb8e2b32929ce7cb800a706af1d99f
SHA3-384 hash: cb5beacc8e68ec23c825e9118313919dc786747084007ca54f3ca3063fcb04d4c15bd4243dd2348bb4c0f25afdb8cce0
SHA1 hash: c39b0a81c603bb7f3affcb15f3bbe447ed03f50f
MD5 hash: 4d3851cde38adbb1d797e6f202fb8f98
humanhash: river-nuts-spring-vermont
File name: STATEMENT OF ACCOUNT.exe
Signature: AgentTesla
File size: 1'580'032 bytes
First seen: 2020-10-07 05:06:30 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: afcdf79be1557326c854b6e20cb900a7 (1'102 x FormBook, 936 x AgentTesla, 399 x RemcosRAT)
ssdeep: 24576:NAHnh+eWsN3skA4RV1Hom2KXMmHaMty3a5JODz4mZNbaki0Sf0EOIdkS5:sh+ZkldoPK8YaMMimtHi0SnOC
Threatray: 775 similar samples on MalwareBazaar
TLSH: 7C75DF0273D2C036FFAAA2739B6AF60596BD79250133852F13981DB9BD701B2533D663
Reporter: abuse_ch
Tags: AgentTesla exe


abuse_ch
Malspam distributing unidentified malware:

HELO: aimil.com
Sending IP: 103.99.1.141
From: Nautami Shah <analytical_vad@aimil.com>
Subject: RE: STATEMENT OF ACCOUNT
Attachment: STATEMENT OF ACCOUNT.rar (contains "STATEMENT OF ACCOUNT.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 115
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Sending a UDP request
  Creating a window
  Launching a process
  Using the Windows Management Instrumentation requests
  Reading critical registry keys
  Stealing user critical data
  Unauthorized injection to a system process

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  AutoIt script contains suspicious strings
  Binary is likely a compiled AutoIt script file
  Multi AV Scanner detection for submitted file
Behaviour: behavior graph (image not reproduced in text)

Result
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-10-07 01:15:27 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: keylogger stealer spyware trojan family:agenttesla
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious behavior: MapViewOfSection
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of SendNotifyMessage
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
  Reads data files stored by FTP clients
  Reads user/profile data of local email clients
  Reads user/profile data of web browsers
  AgentTesla Payload
  AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    Executable exe 62da90f49f3a05c5daeb2b9a5edafa5e67cb8e2b32929ce7cb800a706af1d99f (this sample)

Delivery method: Distributed via e-mail attachment

Comments