MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69710a605be0e7ffded4a0156f7823e29dc0f1b2ceff785465d3fd094802de07. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69710a605be0e7ffded4a0156f7823e29dc0f1b2ceff785465d3fd094802de07
SHA3-384 hash: 2daeaad3c00a1a45f4d9aebec96f9523a016be36643660956871301809a8e22f67ce21f2ad485f9b91479b2e348a9b3c
SHA1 hash: 4e1c7673554b9f33f8e20a7d630132be14baa504
MD5 hash: 0d595d14406499fde6b61183154ffc8b
humanhash: speaker-jersey-alaska-speaker
File name:Prueba de pago.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:509'440 bytes
First seen:2020-12-02 09:16:02 UTC
Last seen:2020-12-02 10:51:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6e3086672ec8625cc086cf37febd4303 (4 x AgentTesla, 2 x Loki, 1 x Matiex)
ssdeep 12288:IQ8xw+N8LxVz0KkYt/bPmXIiCyjR6sliHmHVSrSley:I7SlVzbkYUayjRtImHwe
Threatray 1'598 similar samples on MalwareBazaar
TLSH A0B401087080E239D8F312758ABE5B15A6BEBC700B6668C3B7DC5D6D4B746D07A31277
Reporter abuse_ch
Tags:AgentTesla ESP exe geo


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: prometheus.acosis.net
Sending IP: 194.143.219.149
From: Comercial <sandra.sanchez@multiforma.es>
Reply-To: Comercial' <marcusdrnd@gmail.com>
Subject: Re: Prueba de pago.
Attachment: Prueba de pago.rar (contains "Prueba de pago.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
150
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/106356/
Detection(s):
PUA.Win.Adware.Bang5mai-6804572-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Result
Gathering data
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/553378
Signature
Found malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/69710a605be0e7ffded4a0156f7823e29dc0f1b2ceff785465d3fd094802de07/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-02 09:16:08 UTC
AV detection:
28 of 46 (60.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nfyquyc34dt77xwuuakw66bd4ko4b4nsz37xqvdf2p6qssac3ydq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
381dd9808ccf85e188bdb572dd8144b181a8ba5160ac5d617146d4250171174c
AgentTesla
4f7a4d62b491af06b4516daf257d1fa797ba9e065f452ce0d71e3b6f0fbc6a45
AgentTesla
54297a66291e2f879e2eaae44cb06032719d69299968e28c237f6315fe1d7eb1
AgentTesla
55262ba4506d187b228d575d7740803b4930a9392f4d90f2cdfc4db1dba987e1
AgentTesla
5d24a0a0b3827fc646d7f7da98a5db2a8d76bba9761b4c91ab968cc67ceaf194
AgentTesla
6093b99ac39503f585b6a7ed7e20727c24a784a7a93c181596209054a561ad71
AgentTesla
7323b8d5a71d744ada47370e02c8d86eb551bacb6881aee27ed7ec61cc22e068
AgentTesla
a922d6a65dd738d1c715a254a2e257b1c35b006052ee426f634558f11db91d5b
AgentTesla
ab612a8fe6f624d7d590420fc47a96b99aaa0097d4d78f438fee11cd41552305
AgentTesla
efcd8b4258174d99d21ed0be8a946ca98787e58543194208301af6189ae39f84
AgentTesla
+ 1'588 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201202-t9sqnxke5e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SH256 hash:
7b3ebf21c7ff533e0d63cc9d2dfa1251b13b31c563c3fd5923e8b1f4270e5b8f
MD5 hash:
1be7c07e742480b59e592a3634f167f5
SHA1 hash:
5bea4b2d88531af6a07088368ee0211baf5a12e0
Link:
https://www.unpac.me/results/ad68092a-82b7-45f5-a036-89a2f01cc838/
SH256 hash:
f9d51d8ef7f109fc40a1952608e8f730e03c7610b316be7694f05771826865e6
MD5 hash:
b570875373324d0e56c0824f3872bfce
SHA1 hash:
9cd5e3496467c3fd13fb8fe5ead650cf55d40b21
Link:
https://www.unpac.me/results/ad68092a-82b7-45f5-a036-89a2f01cc838/
SH256 hash:
69710a605be0e7ffded4a0156f7823e29dc0f1b2ceff785465d3fd094802de07
MD5 hash:
0d595d14406499fde6b61183154ffc8b
SHA1 hash:
4e1c7673554b9f33f8e20a7d630132be14baa504
Link:
https://www.unpac.me/results/ad68092a-82b7-45f5-a036-89a2f01cc838/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/69710a605be0e7ffded4a0156f7823e29dc0f1b2ceff785465d3fd094802de07

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5a1313bd80d946f5002832471885a36c021c169ae1cfb3458cdac5690b70aaaa

AgentTesla

Executable exe 69710a605be0e7ffded4a0156f7823e29dc0f1b2ceff785465d3fd094802de07

(this sample)

  
Dropped by
MD5 21328147e991555f5314df14a7b05b14
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 5a1313bd80d946f5002832471885a36c021c169ae1cfb3458cdac5690b70aaaa
Cape
Cape
https://www.capesandbox.com/analysis/106356/

Comments