MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9aa9d89d0760ce0c14b328f04921d9cb8ba75200eadcd80a6ba1015a6d1af93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a9aa9d89d0760ce0c14b328f04921d9cb8ba75200eadcd80a6ba1015a6d1af93
SHA3-384 hash: 7cf64915b77b796f1bda2481420e8c4a7a3d3ae94426435b9ba4e4a0682458de4701b7ce9bcba10384f2226fa7b93591
SHA1 hash: b7797b4af67af09fc0f87b3ff180a07afe50941c
MD5 hash: d3424bc571aeb97da05101b999640d69
humanhash: high-cardinal-river-gee
File name:Image_001.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:387'584 bytes
First seen:2020-08-18 19:43:56 UTC
Last seen:2020-08-18 20:48:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'749 x AgentTesla, 19'653 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 6144:TSstK+5JG7bt725mdMISV9VgC+ymXnfeUAul1b527uzggTIWW2/XMGOFws:TSsBJGHtuDISt6ymXnmUN/527uvWOX/C
TLSH 7484E182B5282887EEAC41F5A11269105FFA313B38A9E3E56CCF65CF19E6F541791C0F
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: torrespardo.ncloud.es
Sending IP: 185.57.172.23
From: Philipp Baminger <philippe.li@midea.com>
Subject: AG: AW: Transfer Confirmation
Attachment: Image_001.img (contains "Image_001.exe")

AgentTesla SMTP exfil server:
mail.vestatex.es:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/48086/
Detection(s):
SecuriteInfo.com.FileRepMalware.8508.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Reading critical registry keys
Stealing user critical data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a9aa9d89d0760ce0c14b328f04921d9cb8ba75200eadcd80a6ba1015a6d1af93/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 19:45:09 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vgvj3coqoygobqklgkhqjeq5ts4lu5jab2w43afgxiibljwrv6jq._file
Verdict:
malicious
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
keylogger stealer spyware trojan family:agenttesla
Link:
https://tria.ge/reports/200818-lyt1ky55fj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a9aa9d89d0760ce0c14b328f04921d9cb8ba75200eadcd80a6ba1015a6d1af93

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img def40ffde09e312f84e978c7e51e936b79ceb5e123afa6539e804a7d5eaab510

AgentTesla

Executable exe a9aa9d89d0760ce0c14b328f04921d9cb8ba75200eadcd80a6ba1015a6d1af93

(this sample)

  
Dropped by
MD5 40b3023c6e1702a8285a8b7328676018
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 def40ffde09e312f84e978c7e51e936b79ceb5e123afa6539e804a7d5eaab510
Cape
Cape
https://www.capesandbox.com/analysis/48086/

Comments