MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 812efd5114e9e1d9ae0898435aa593322a4ef9a39ddd1befe6fc9382ed1cfc0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 812efd5114e9e1d9ae0898435aa593322a4ef9a39ddd1befe6fc9382ed1cfc0f
SHA3-384 hash: 4b6e8cf3bea59c382b6979a44156c02c61d798b12f37795372795673b53df551be51487273483c47382a7a08ad8dd0f6
SHA1 hash: f8454553259eb85213545c5fa3a7c558b6424642
MD5 hash: 51a186f64b59903d7217774720d0c34d
humanhash: single-cat-mike-arkansas
File name:CDO1029-022019 PURCHASE ORDER_PDF.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'916'416 bytes
First seen:2020-05-05 11:01:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 49152:N9yp8LdRGPBuH5Nu2+HumCKOCQ4YBSZMx1fOEUwc93o:N9yp8R/H5NFiumCcQ4iSI1fTUwk3o
Threatray 402 similar samples on MalwareBazaar
TLSH 6495F19D722072EFC85BC072DEA82D64EB5174BB831F5207A42715ED9A4C987DF284F2
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing :

HELO: achilles.noc.ntua.gr
Sending IP: 147.102.222.210
From: KangQian Wong <rs12704@central.ntua.gr>
Subject: RIT-CDO1029-022019 PURCHASE ORDER
Attachment: CDO1029-022019 PURCHASE ORDER_PDF.z (contains "CDO1029-022019 PURCHASE ORDER_PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EJWW.211.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 11:37:01 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qexp2uiu5hq5tlqitbbvvjmtgive56ndtxorx37g7sjyf3i47qhq._file
Verdict:
malicious
Similar samples:
13dd79b77c2ed2ba77d509e2d3b4621e83f7105674353f7e30930e07b099bce5
AgentTesla
182321120c1270861876820e9413137d6c32cd8af4e6aee6cef87ee5fa236b5b
AgentTesla
2222ddfcb76c8c278bbabf1b094e47950023f1319ae484d44dc502b91700db17
AgentTesla
5136cc442f7ff2a99cb5c3c64c0419d23a3aba57f7389af3a758615eb8b6d26b
AgentTesla
a007c974d0e999a91fb8e3c81489642b608dee675c411d99baf42499c64cc1a8
AgentTesla
b46571fd44360c7d8e9771a807c0914f419dc7dc69a43b475b537484a1aa5053
AgentTesla
dbdbfa24b62d54b1624dac7d07bd939677342c820867b0d8993f0ab95af3d342
AgentTesla
e666762b026d8017d202c3bf8f6b32d9a13bff5549735a93611e79b3c1a9ff83
AgentTesla
f937bbe27c6d52452a121bc9aa320c26ae7eada7cadc9dda0fafc2c6b1bd5818
AgentTesla
fe3dcdbbb57d61e04df490402d1e477ec1a804add945a2287c697b18a2234227
AgentTesla
+ 392 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger rezer0 spyware stealer upx
Link:
https://tria.ge/reports/201109-k25l7lnjr2/
Behaviour
Creates scheduled task(s)
Modifies system certificate store
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
rezer0
MassLogger
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z cfa7ad839196aa642475e972db8d360cf7b219e10b304ecd8cf9c7a0787a2ad7

AgentTesla

Executable exe 812efd5114e9e1d9ae0898435aa593322a4ef9a39ddd1befe6fc9382ed1cfc0f

(this sample)

  
Dropped by
MD5 698fcca9631f313cd1a4e6da6269760d
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 cfa7ad839196aa642475e972db8d360cf7b219e10b304ecd8cf9c7a0787a2ad7

Comments