MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0062b106277324b51718baac12082f12f735f370173fa3073abf70b86b016be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0062b106277324b51718baac12082f12f735f370173fa3073abf70b86b016be
SHA3-384 hash: 8b67f917e38db980bde04ba38e2f8dfae7ee1ba7d57eb35ecbeb4ea06b65a34fbcb9a1bed5b131bb54d7091953f282ab
SHA1 hash: ad74766618949be3bb3f06a6c6749093e8500fdd
MD5 hash: da828f6544e96bddef1c0e1535947f8f
humanhash: washington-moon-mirror-robert
File name:Inquiry.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:721'408 bytes
First seen:2020-10-07 10:47:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:xsJiE9b5REjtVd1C5b3ja59ecQuGcC4nW3eZlkkrscurWVYlGTVHx26EoEQa1fHH:Wv9NOjtVdgJTaCudFnSetrscurnlkRMb
Threatray 896 similar samples on MalwareBazaar
TLSH 06E4F12477D5EB4FC02B8F3B4542082466F0D9BA8B47F387ACD719ECD50E69D4A262E1
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: outmx-267.london.gridhost.co.uk
Sending IP: 31.170.120.152
From: Alison Briese / AGT Foods Australia <ABriese@agtfoods.com>
Reply-To: Alison Briese?/AGT Foods Australis <Ventas@imagencolor.cl>
Subject: Re: Inquiry
Attachment: Inquiry.r00 (contains "Inquiry.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/68894/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
Creating a file
Launching a process
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/484012
Signature
Antivirus / Scanner detection for submitted sample
Binary contains a suspicious time stamp
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0062b106277324b51718baac12082f12f735f370173fa3073abf70b86b016be/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-07 08:59:28 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uadcwedco4zewulrrovmciec6exxgxzxafz7umdtvp3qxbvqc27a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0af4ebf19534d057d10d355b34ff6fc481ce6e66814e193657a01048544e228f
AgentTesla
17b671d207ca3e6334ddcae8ce17f1317ccaf35e992fed85724313ee1919f519
AgentTesla
286b00dda63a28a1d22aae31f1622b04700207b92ab0f033e8885fb55eaa3e86
AgentTesla
2fe5ca185c663e5d06d0ade1a4e0f5d9c0994239102a5a1725aa7e25edbbf5fe
AgentTesla
5b48475bbc32e2dbd6ebfb746071c6192e57dfdfcfc0cfb1ae9f381663728537
AgentTesla
818343ec8323d98752f067ddc9c04d0f2bddcb4e4d14137b6c16ee01a8fae41e
AgentTesla
8600c1896f8c6835a9a5c44631ac45b319c0cc9b2e0a50a72bb37436a84ea96a
AgentTesla
8ee2c58f8a8fc555dc2be25df0f819e83f2c6c36a7513c18ddafe160ac94bf11
AgentTesla
bd5b53d0e2a607818e9d9438452f988d1d0b6c76674ae4d8143b38a4c0cf7abf
AgentTesla
cc87cc3cff16721cb3f7e6be1e5be62bcdacafd1fa70ec879c6a9c12a9b438bb
AgentTesla
+ 886 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201007-6mbt9yjh1a/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
a0062b106277324b51718baac12082f12f735f370173fa3073abf70b86b016be
MD5 hash:
da828f6544e96bddef1c0e1535947f8f
SHA1 hash:
ad74766618949be3bb3f06a6c6749093e8500fdd
Link:
https://www.unpac.me/results/8afa7f15-98fa-4b99-8d92-1b1be92e9e10/
SH256 hash:
13b24d3a09d099dabe41cd6cd71607a77e14640b1e9b4ed2d60f6c012f191c43
MD5 hash:
109cedae3c384a1913107f1efad2b7c8
SHA1 hash:
1f7f35b0ed85fa12bb839cbce698e59a30813420
Link:
https://www.unpac.me/results/8afa7f15-98fa-4b99-8d92-1b1be92e9e10/
SH256 hash:
b41b7f38355c19d42bcba55a5b35866aab51b1ee899be196d57f38e1dec37e68
MD5 hash:
4d125e944bc9c22fa1744a540da3830a
SHA1 hash:
30389eb9cf13bb9000db687f23e07bf56676e184
Link:
https://www.unpac.me/results/8afa7f15-98fa-4b99-8d92-1b1be92e9e10/
SH256 hash:
a8a2e99c57c62043d72cae2699972f95530c3b24c17e950f9a8f9e5217e017de
MD5 hash:
559bbdb8a4436b5275d2c40c454f8b76
SHA1 hash:
34d2ef3dd4d5d393393fe82777bce18516b028fb
Link:
https://www.unpac.me/results/8afa7f15-98fa-4b99-8d92-1b1be92e9e10/
SH256 hash:
f0206cb13fdb67996f680e481d2d76a4f52f685615f633f8f38868fe8c51afdb
MD5 hash:
ff0ee67734f5770d1d8e74dca774bd27
SHA1 hash:
73f13681ab4254322088492960c328e5ff3d6830
Link:
https://www.unpac.me/results/8afa7f15-98fa-4b99-8d92-1b1be92e9e10/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a0062b106277324b51718baac12082f12f735f370173fa3073abf70b86b016be

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 30bcb022ff079e522d8684b1f5952ab9ba9a45d975eaeb3d3d2175aee6aef284

AgentTesla

Executable exe a0062b106277324b51718baac12082f12f735f370173fa3073abf70b86b016be

(this sample)

  
Dropped by
MD5 6d28bfcbaaab08aecc72d77f213849cb
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/68894/
  
Dropped by
SHA256 30bcb022ff079e522d8684b1f5952ab9ba9a45d975eaeb3d3d2175aee6aef284

Comments