MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc6eb4d716d3a1c045090d38abe87f80e14ab2bbb997268a2190332fb7563dcb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc6eb4d716d3a1c045090d38abe87f80e14ab2bbb997268a2190332fb7563dcb
SHA3-384 hash: f32e93c17935fb328a401b5cda6f2d88e20bb7bfee56f3112e7dc2dfe0c83d73b345d473f45ea81a8fb4aa8ac117fed0
SHA1 hash: 5c63048f206a840dbca23a180a40cc779f83c136
MD5 hash: 0a4c415b90d91976ff00b18e605655de
humanhash: lake-sierra-cardinal-robert
File name:Druckdaten_PDF.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'035'264 bytes
First seen:2020-05-14 16:28:53 UTC
Last seen:2020-05-14 17:43:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 24576:+mHI023o2RlNdd4flTWCnApGILcdaXYULtDu:ZI023o2zN0d7PWc4Y+Ru
Threatray 422 similar samples on MalwareBazaar
TLSH C725F10076FD5E19E33A9FB105A29010CEB1B667B952F3AB5EC115CE09E9F80CA41F67
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gateway10.unifiedlayer.com
Sending IP: 67.222.60.246
From: Connie Yang <connie.yang@unitech-e.com.tw>
Reply-To: Connie Yang <ken@chainye.com>
Subject: RE: VMI OC 422720 - UNITECH FOODSERVICE
Attachment: Druckdaten_PDF.zip (contains "Druckdaten_PDF.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.fc.9466.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 16:35:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3rxljvyw2oq4arijbu4kx2d7qdquvmv3xglsncrbsazs7n2whxfq._file
Verdict:
malicious
Similar samples:
29f20793c95925c35611390902e709a7e12562afe8b3c7298c911e5dd9871526
AgentTesla
47799b4853ffa2cb541f153f0b50fc335324a5964e04093a8316d4a62eacc8f1
AgentTesla
49ced6e317fa96af1310ad10e5b71fea0d84e03b42ff0434f11d312ebb62dbcf
AgentTesla
8a3dd3eb355760a77c7bd89e2316c7741e37f9b20435a23d144e58ba856bd7c7
AgentTesla
8bc95f1ba65bf54858a20c62bf09e9e39027f8be74369c25401b5e4503b1b553
AgentTesla
a2a4fc12990dcf4a9778f96840b49be84f9563edd2b5209b6dac1ffb2ed8e38d
AgentTesla
a760f527a357c0102eb9d9ecc6ca76f245d34237b230ce9a38e83ae806ab13cb
AgentTesla
c16e569fe7d77436566b268fab7037ab71efb99a5108aa452602479267508305
AgentTesla
cac67b5ab04de81f69b8f4f882ad22e26672a61ed96d2e1f69d72f59c36bf401
AgentTesla
f937bbe27c6d52452a121bc9aa320c26ae7eada7cadc9dda0fafc2c6b1bd5818
AgentTesla
+ 412 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger coreentity ransomware rezer0 spyware stealer
Link:
https://tria.ge/reports/201109-tscmktvkhn/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of web browsers
rezer0
CoreEntity .NET Packer
MassLogger
MassLogger Main Payload
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

adf3dd135a2c802ae3e64914be1590d5

AgentTesla

Executable exe dc6eb4d716d3a1c045090d38abe87f80e14ab2bbb997268a2190332fb7563dcb

(this sample)

  
Dropped by
MD5 adf3dd135a2c802ae3e64914be1590d5
  
Delivery method
Distributed via e-mail attachment

Comments