MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b39bfd9c6e2e5ccceeef85ae9eef7ddbbb5e6980f102b3c8fe2e075496a27b2d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b39bfd9c6e2e5ccceeef85ae9eef7ddbbb5e6980f102b3c8fe2e075496a27b2d
SHA3-384 hash: 3275a44044eb448e0dcca689629c9b4da0cb71b9b89e5ac9589c31ccd268ab7eec799c9964ce64957d2d2cd7f7da9a3a
SHA1 hash: 8a67b2a54224362ebdc3b9c3a79888f78e6ea525
MD5 hash: aa116cf925d0073d4067a79d5a99218c
humanhash: network-yellow-mars-triple
File name:NaruÄ ite 0521360021.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:731'136 bytes
First seen:2020-06-08 09:14:01 UTC
Last seen:2020-06-08 10:22:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash aabbb4372eb59a483c2eb11dc6aea9c8 (9 x AgentTesla, 2 x HawkEye, 1 x AsyncRAT)
ssdeep 12288:zsCOryB5QNN5JIrumfugKrcvi4nWV36lvOIRlm/KkB2biCcI4Q5VMRADGOEzx:Ib65+JIr1uvY7WF6lvOIRlm/KkB2biCS
Threatray 11'166 similar samples on MalwareBazaar
TLSH 41F4A022E2A11433C15316FD7C3F5778982ABE513B2865862BF7DD6CDF39681382A187
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mxload.webglobe.sk
Sending IP: 212.57.32.37
From: Alen Geler <esivakova@mlproduktion.sk>
Subject: Naručite 0521360021
Attachment: NaruÄ ite 0521360021.arj (contains "NaruÄ ite 0521360021.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 09:15:08 UTC
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=won73hdofzomz3xpqwxj53353o5v42ma6eblhsh6fydvjfvcpmwq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
hawkeyekeylogger
Create hunting rule
Similar samples:
1ed3c42dc55cea08e8c7b5b51ad64246f729865c1c9bb6b34d988f406825e83b
AgentTesla
3ba3b6ed1543c0f62a5ad0fc2a2afa116c86ec33fa645eee99a78cf64033ae54
AgentTesla
80ee42d530f42fd7717450f85e3e68dbea5e0dbf7c856a381dde02c7dfb5b5cd
AgentTesla
81d10af9f4fc92dc27a2ac203e90e53b3e0a47d2581a76c36a215ed84281f46d
AgentTesla
89581b13e744458c0f64ed2f07f464428f28153862ce5594ed875e3d20b43c23
AgentTesla
9346abda4d705ecc5d46797989616589058a19fa3857c232ff5bec166051830a
AgentTesla
c893722ab8df6a931a152f0726b1c3de85ef306e746f9b597c7e5d148c9944a6
AgentTesla
cc764009f2970de6acb84a66e9a21b4d854d92aeee5364ffe513bdcb542bdd7e
AgentTesla
ddefa12712998a6705858c96559d4f08a6f75615298c321be7eecc1a60ccc04f
AgentTesla
f1cb2240eab8c2a7807b5a2b3c9b8f8320d88d7ec5a75dc28280fa5522e8e35a
AgentTesla
+ 11'156 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_w1
Create hunting rule
Author:govcert_ch
Description:Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj 16c81eb7ab780d2e81af35f0387792ca5b0b423017ed3b8684c704fc88d25f05

AgentTesla

Executable exe b39bfd9c6e2e5ccceeef85ae9eef7ddbbb5e6980f102b3c8fe2e075496a27b2d

(this sample)

  
Dropped by
MD5 34ed19c4a5938bef51e447000a528582
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 16c81eb7ab780d2e81af35f0387792ca5b0b423017ed3b8684c704fc88d25f05

Comments