MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df517a9dbaa0829415080a30f0d2f4d0eb27082aa9f8706997c4f7b3008ebdd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df517a9dbaa0829415080a30f0d2f4d0eb27082aa9f8706997c4f7b3008ebdd0
SHA3-384 hash: b5b714a0d360c2a4488f463a986b2e6b028aa163c6ebed0452007871ce0c5728927a3d3c9287ecc7aeb8d08a005ccba1
SHA1 hash: 93ba9f5632dd46ec68706a02f4c34b5fd49f82f5
MD5 hash: 4778aae302047edb758db94a7c44ba33
humanhash: ink-carolina-oranges-white
File name:Shipping Documents Waybill no 69793741500.pdf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:481'280 bytes
First seen:2020-06-24 05:50:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:VfRDNMfwaaGA36qmCMnOMUskPt7SWxWx51LDq80ZOCA:5dNVH36oTSi6Xq80ZI
Threatray 332 similar samples on MalwareBazaar
TLSH 07A40247376CB513CABD16F598C19788D3B66E9B7683F2D95C8039D229C33E54A222C3
Reporter abuse_ch
Tags:AgentTesla DHL exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: dhl.com
Sending IP: 95.211.208.25
From: DHL | Global | Forwarding <dispatch.dept@dhl.com>
Subject: RE: DHL单号 Shipment Delivery Air Waybill no 69793741500 24/06/2020
Attachment: Shipping Documents Waybill no 69793741500.pdf.zip (contains "Shipping Documents Waybill no 69793741500.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/13438/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/df517a9dbaa0829415080a30f0d2f4d0eb27082aa9f8706997c4f7b3008ebdd0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 05:52:04 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=35ixvhn2ucbjifiibiypbuxu2dvsocbkvh4ha2mxyt33gaeoxxia._file
Verdict:
unknown
Similar samples:
031b0bcde6e169070993f85f816ecaf48f46a90f40f2d08cf5e0089d11d25e32
AgentTesla
4067a7bbd1a542f2d386e5bc991bb5573f0d637efd8a172af6e928a409e04359
AgentTesla
76933bfe9afdf8d266352155f09995acadcab23345fabe2518d5bf15d45c9cd4
AgentTesla
851f1641fb283113cc5feb03c807bc82dc4d85ecd22ab8ff091a8edd71bb45ed
AgentTesla
91e414276a656dc9276aab26d67944f915e2267cd2b1b746193b1fc3225aaeed
AgentTesla
99a8b22ec655fd50aa2bdb93b05e8533ec539feeffacf592cf038a6ede299314
AgentTesla
b8214924a598b9fd3193099fecd6c3d09f06dc5e3a9af098642c7d5327c05cd3
AgentTesla
ba3b49260d4a7b2777b3fc983d532144bc7bab77e35f2608bbdc2854ab7a31d0
AgentTesla
bc02f7f4317f67dcc9ef60b524498431ec0ef0b261f715c4b20371e423b30fb5
AgentTesla
ee1f6bcbe750f9e059f7f68ac3706319a142f3069a86c8c02235c48a1ef1cc3a
AgentTesla
+ 322 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
persistence keylogger trojan stealer spyware family:agenttesla
Link:
https://tria.ge/reports/200624-xyjdt63ean/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Reads data files stored by FTP clients
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip a9a5f2149058a1a9ab89cd0140fd9b6f91fe4d8039498e98dddbcf367de29fdc

AgentTesla

Executable exe df517a9dbaa0829415080a30f0d2f4d0eb27082aa9f8706997c4f7b3008ebdd0

(this sample)

  
Dropped by
MD5 0f848ab8906b0ac8d2831448ef9749e8
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 a9a5f2149058a1a9ab89cd0140fd9b6f91fe4d8039498e98dddbcf367de29fdc
Cape
Cape
https://www.capesandbox.com/analysis/13438/

Comments