MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 705f488d08262ffb7161421b0de427be7e83342895cd6af5f5f7aad593725d34. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	705f488d08262ffb7161421b0de427be7e83342895cd6af5f5f7aad593725d34
SHA3-384 hash:	233568e01aecaad3013738917787cc6210e6b991b7f68a61861cfaf2025bc5ce42ea91572827c576f616a04ff7a0cd5f
SHA1 hash:	555b9c36466afee588410260d8ba8fa3fbbf505a
MD5 hash:	137849026bb188cf23c480262877c705
humanhash:	bacon-echo-chicken-william
File name:	AMTEC Order RFQ J7D34F7.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	463'872 bytes
First seen:	2020-05-20 13:26:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'749 x AgentTesla, 19'653 x Formbook, 12'246 x SnakeKeylogger)
ssdeep	12288:ppq7LWrgMeV/0Mx+ObXugE15A4/EwJBFqHYYnvhhVo3gocb9f:ppdJet09Ob+gE15jt0HnJs8f
Threatray	997 similar samples on MalwareBazaar
TLSH	AEA4E0A47169999FC9DC90F9449262C803F496B75382F7CA8CC6B1DB33C3BE949026D7
Reporter	abuse_ch
Tags:	AgentTesla exe

abuse_ch

Malspam distributing AgentTesla:

HELO: amtec1.com
Sending IP: 209.58.149.65
From: Shaikh Jaffar<shaikhaffar@amtec1.com>
Subject: RE: AMTEC INC. 2020 Order/RFQ
Attachment: AMTEC Order RFQ J7D34F7.Dfc.pdf.rar (contains "AMTEC Order RFQ J7D34F7.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin

# of uploads :

1

# of downloads :

90

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-05-20 13:35:40 UTC

File Type:

PE (.Net Exe)

Extracted files:

3

AV detection:

23 of 31 (74.19%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=obpurdiieyx7w4lbiinq3zbhxz7ignbisxgwv5pv66vnle3slu2a._file

Verdict:

unknown

Similar samples:

00b85c15e241bfcd6a5a9d64029e117876da5029b60b8f4828f859277dafc6f2

3aed1fc591ecfec392005089c870bd1f645f352a99912c1de774918e1de67f8d

41c7d6bad3849fb7c5365745b2be8678e3e8ad63d5b4e8329b1b3206c5d1adf6

4cc5578e9b753897ef8d0659635de7aab82fe0e17b99caf8b622ba16b0ebb764

55187d6c2f610a3ce371a1fc9771ad42d90b7266c5e9ea45fced7acf9fe0ad13

654218028f797e5c401cc31242000aaa138e3eb0f8a920b850dadc2b2bf8f807

bf15b6d8ed1637598fd2d08ae5f619a4c08c6b03372fddfa8f68f6380e735083

e7a2a500165fd1abfed725fd1e51c07d0317cc5a524677bb1069fca38561ce84

fba5658815c50ae760c7baf3e1bd1bc7f3f78a7bf71066c4b4502b755b35826c

ffb4e1b5e6ac64c969e3f90351eb0d401146f266b6678dfbff611faaf15a311f

+ 987 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla coreentity keylogger rezer0 spyware stealer trojan

Link:

https://tria.ge/reports/201109-v1ex2v1rjs/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla Payload

rezer0

AgentTesla

CoreEntity .NET Packer

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 2c55e2454af45054ebc078cd20867f2ee26ec48843f2545bf62d5fc29e685af4

exe 705f488d08262ffb7161421b0de427be7e83342895cd6af5f5f7aad593725d34

(this sample)

Dropped by

MD5 6bb9712f3256091bfe1949d94834e934

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 2c55e2454af45054ebc078cd20867f2ee26ec48843f2545bf62d5fc29e685af4

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample