MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd82b1a2b9f3ce0fae191851be22d38bc8e44d72c12cc3e434c34354c07c0d86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd82b1a2b9f3ce0fae191851be22d38bc8e44d72c12cc3e434c34354c07c0d86
SHA3-384 hash: b8de214f35940820b56fc547367fbc75abbf623721a1a53db49678ebfb1ee48cf1d842ad7eb37f7e37617da5321c3037
SHA1 hash: d972f854fce12e9e1a25b5bbab176f9ef8b718f8
MD5 hash: 8e8a97c062ee7121cd73dbae81bfe44b
humanhash: sink-edward-tango-sweet
File name:Payment 조건 협의 변경 알림의 건.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:551'936 bytes
First seen:2020-05-05 12:04:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:lQaFuljI7b/odp2zdzST4DVw/MESIe0k17r14jeW643pkdK1hZYq3JGJr:Z97jUmK/MElf6r14jeW646KPZL3
Threatray 10'640 similar samples on MalwareBazaar
TLSH 51C4071E4BA8026BE03099B1C7DEBE016190693D3E43DB79FC5676437A62BC951B343E
Reporter abuse_ch
Tags:AgentTesla exe geo KOR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 161.129.67.184.static.quadranet.com
Sending IP: 161.129.67.184
From: Account <account@haitian.co.jp>
Subject: PO 20203058-1, Payment 조건 협의 변경 알림의 건
Attachment: Payment 조건 협의 변경 알림의 건.img (contains "Payment 조건 협의 변경 알림의 건.exe")

AgentTesla SMTP exfil server:
mail.nsmelectronics.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Rdn
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 12:36:26 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3wbldivz6pha7lqzdbi34iwtrpeoitlsyewmhzbuynbvjqd4bwda._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
18660b423ae5a434d0a70081dafd8db7979de182cb8190ff7f22ed12b9fcbe18
AgentTesla
2e51ce030cc6b516a07506283b3056c047d4f13099f4b0aefc5ed2f6b6c744f1
AgentTesla
5e8cafdd210f3325619e1b0c1c874f1e1fa335255882a404f70da229198f4e85
AgentTesla
7b03e00914476eace20a26c81b2568ec58e5debae251f111ed8009404b1b974b
AgentTesla
9bef20b54e2e90ef3afb0cc692ee0a4f5e843f38a3bd75aaee29e506f27d6b32
AgentTesla
b195fee151a6483484e21e537b3c4cc62802ce015048fee3425fb70210e74bd0
AgentTesla
bcfe28b074cc1d9b0fb7896ee3eb4d28c240bee33cb76578f0f9f1ef90ab92e6
AgentTesla
d43d73de0937150cc384283fe5f3a0899c5c0a9e9461d60cb9f18b193554c26a
AgentTesla
f8166c3c857a7a3ba99515cf6ae242a78050fba7608e24a88e2559e0063a187a
AgentTesla
f9ed4c08e84ddbd335d35d4ddeb614143786ed1bfbfc840aea630710e3a01904
AgentTesla
+ 10'630 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-n9y854zky2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

b30e93f8d2a9469c0de55cc8585992ce

AgentTesla

Executable exe dd82b1a2b9f3ce0fae191851be22d38bc8e44d72c12cc3e434c34354c07c0d86

(this sample)

  
Dropped by
MD5 b30e93f8d2a9469c0de55cc8585992ce
  
Delivery method
Distributed via e-mail attachment

Comments