MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83050c83ab71af263003fba66c14fd917289e0690a7c645a831a7626cd9f1061. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83050c83ab71af263003fba66c14fd917289e0690a7c645a831a7626cd9f1061
SHA3-384 hash: 76e4e6108b3ceb47f4e132badea6cf1307b092990a1d33f8094c201d08ff0697b9b6deef5032de9ef755df3d2be86595
SHA1 hash: eda45031f5b81dc1d8860bf6cf5531955ad98005
MD5 hash: 708fd3fb156db922483590981604841d
humanhash: harry-lion-edward-vegan
File name:INV-AWB-COPY#65688563423470.pdf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:481'792 bytes
First seen:2020-06-29 06:40:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'738 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:7WVS3Okj+/rAcIa1Dm14axKoMoILGuMmGYPNAIgI19CnsO7ZeIKa0d8+iZO76wS0:fOkjPIW4aQFoIqx01uI+0d8+iZO76wS
Threatray 116 similar samples on MalwareBazaar
TLSH 82A4D050B3B5471BD5FA4BF40560114057B679663A23E35CCEC270EA1EB7B810B6BB2B
Reporter abuse_ch
Tags:AgentTesla DHL exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: dhl.com
Sending IP: 209.58.149.66
From: DHL EXPRESS <dhlexpress@dhl.com>
Reply-To: jhwang.allmedicus@gmail.com
Subject: SHIPMENT NOTIFICATION
Attachment: INV-AWB-COPY65688563423470.pdf.zip (contains "INV-AWB-COPY#65688563423470.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/15410/
Detection(s):
SecuriteInfo.com.Fareit-FVR97B1CDB35EA0.28661.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/83050c83ab71af263003fba66c14fd917289e0690a7c645a831a7626cd9f1061/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 01:39:21 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qmcqza5logxsmmad7otgyfh5sfzitydjbj6giwuddj3cntm7cbqq._file
Verdict:
unknown
Similar samples:
01956570f3d4747162a5b0c381bd39c843ac0a50c9355cecc621cfe9ae10a6df
AgentTesla
0a106a923ee9a6a55513751399bae618ec9f0a11dce7d2a82c73eba8583f2b92
AgentTesla
28c522239124483bcc83ca08cd0cbb3af1a9a3e18a1d8648e958c153c8e9e110
AgentTesla
41cbf7774ff46fef0f9ff796d62f44e51a64fc22020b89c04e440e5f29d44467
AgentTesla
61eec258ce469350a9fa37b1894742649cf28ae18c38e783bd1cd6ba1623611c
AgentTesla
953cb68c8860e2ed1d79f3eb57820c7a04e30d9f0f7d5db7364b2369449fdd27
AgentTesla
9c12a04f209f22ef328eb9aba2fddacb27011152eb0cb8eff4ccdf6a4fc394c4
AgentTesla
ac8a96958466021dd54209aa0119c8b5fbd6360c589787a7d5159d7508462fad
AgentTesla
bffcfa5a0174337b9a565e7880819ec3388eed4dd15a6076e4f99be4ec5d5f19
AgentTesla
e56366d78017d877b4413031f23021dce6f39cd2207bd4324967df5aaab3c4c0
AgentTesla
+ 106 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
spyware keylogger trojan stealer family:agenttesla
Link:
https://tria.ge/reports/200629-t9ryljeee6/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Reads user/profile data of local email clients
Reads data files stored by FTP clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 78b7a3fa18d216581743e53c0e9104e4c687521b1298eeb4214df32fffdbc24b

AgentTesla

Executable exe 83050c83ab71af263003fba66c14fd917289e0690a7c645a831a7626cd9f1061

(this sample)

  
Dropped by
MD5 d9ee035741332564de54ecac4d2ed8f5
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 78b7a3fa18d216581743e53c0e9104e4c687521b1298eeb4214df32fffdbc24b
Cape
Cape
https://www.capesandbox.com/analysis/15410/

Comments