MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b020ed473e1a965d4de31c00fed475e683f808d9665b207bb41cfdb77f53bcfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b020ed473e1a965d4de31c00fed475e683f808d9665b207bb41cfdb77f53bcfe
SHA3-384 hash: 21dbe8afc9a335b925239336dd446394481094ea6304555d685e0d3fc70f383dca7f3c8906e7fc48bed86f428402a44e
SHA1 hash: 669730b9d7578cc3ae02d95450783124362fa14e
MD5 hash: 47f543a19962040a65bdd85947bb00b6
humanhash: stream-asparagus-social-mirror
File name:ANIS FOOD SDN BHD.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:515'584 bytes
First seen:2020-05-11 14:08:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:dP+M2bgMEmlFAWKCkNKLuY2cy8VOpxcwaEynH+hzgeEL25pWvQmzlqEAOCn:p4bgVeGWK/YFfKaAzdEa5o4slqEAL
Threatray 113 similar samples on MalwareBazaar
TLSH 27B4AE0527BD2B26E07A9BF518B0A461C7FA7627B1B4E3AC4DD214C616E2F40CD15F2B
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: euskoauto.vservers.es
Sending IP: 188.164.198.145
From: AMACC Corporate Services <collection@amacc.com.my>
Subject: Statement Of Account
Attachment: ANIS FOOD SDN BHD.zip (contains "ANIS FOOD SDN BHD.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 09:24:00 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=waqo2rz6dklf2tpddqap5vdv42b7qcgzmznsa65udt63o72txt7a._file
Verdict:
unknown
Similar samples:
2acce03be9204acbcc6fc59fa5bebc3720d91a9d7daa122c0ea086c4727fafce
AgentTesla
58933d7bb0147da562d240bc3c9974ecaa552f35495a773345e1e7d158f39588
AgentTesla
58fa191f38b25cab67921a0f3c0aba75e5254ca139733df9dca6eec26fae1377
AgentTesla
7a55018c2903edf26bdfbbd5df47c352197170b75a04af058a35d2332d9e6b50
AgentTesla
9fed5314906b5873cd970313215aeb2714819bb965dc4bb7648154f1dddb6680
AgentTesla
b9f1a9cdb6f068f9222b8cd906ed162d74be5662bb9dbad5540d8cc51d1a4e6a
AgentTesla
bbb3afd846cc51e61380effeaceabc21e15c8b4ccdab6d821697191605a00c60
AgentTesla
c324d9dd65de8e5ad44795db94a24c3b2b3db5cdd88d5c35de386e039772a364
AgentTesla
db54bb9d7b9d9bba3cf4945c6eb5f637f4726f5009d26e14857ff303abd16e7a
AgentTesla
f7216d025821af6be807018f12db7c5a5bd3cd21ef0176b02c6cbe0f05ac4cf7
AgentTesla
+ 103 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/201109-tp6dep6ddj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip efd6040359f5606667a315e12fa51c1e3eab0a4aa969059f06fccc55a5a9464e

AgentTesla

Executable exe b020ed473e1a965d4de31c00fed475e683f808d9665b207bb41cfdb77f53bcfe

(this sample)

  
Dropped by
MD5 0aeffb2526e3c579504034d7fbcfcf96
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 efd6040359f5606667a315e12fa51c1e3eab0a4aa969059f06fccc55a5a9464e

Comments