MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d74a4cdc37bedadf721932a6118039ab332781ccbb8f00d9c763da4602ef6fda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

SHA256 hash: d74a4cdc37bedadf721932a6118039ab332781ccbb8f00d9c763da4602ef6fda
SHA3-384 hash: f20c660964b34bd8417679b37ebd2008774cab041bf32826e69d20d1427a8618e2656c56f0647ee8194e5baa1014dc31
SHA1 hash: 0b65d049f1c476d8b190c5eae97e5afc90656ae6
MD5 hash: 693ebae896e9bbc408a2d5fb6bc40695
humanhash: maine-yankee-purple-hydrogen
File name: DHL00117392073PDF.EXE
Signature: AgentTesla
File size: 886'272 bytes
First seen: 2020-07-27 07:59:01 UTC
Last seen: 2020-07-28 07:42:45 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'602 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 12288:ATLZUTfytEzCdQgcYd6v0e2OhclyugdDnvrFPcNAD18:ATyT/Cd2YdXerhclyDnvhk018
Threatray: 483 similar samples on MalwareBazaar
TLSH: 94157D3938824538CD3A067188EC9DC37A6536493B95C72F71DB136DBF025AB7B6218E
Reporter: cocaman
Tags: AgentTesla exe

Intelligence

File Origin
# of uploads: 7
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
.NET source code contains very large array initializations
Multi AV Scanner detection for submitted file

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-27 08:00:10 UTC
File Type: PE (.Net Exe)
Extracted files: 3
AV detection: 26 of 29 (89.66%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: spyware keylogger trojan stealer family:agenttesla
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Reads data files stored by FTP clients
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: AgentTesla
File type: Executable exe
SHA256 hash: d74a4cdc37bedadf721932a6118039ab332781ccbb8f00d9c763da4602ef6fda (this sample)

Comments