MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6b62ef1705eb10b32890c775836744bb1bd996aa60d34181a088fea4ac7125a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6b62ef1705eb10b32890c775836744bb1bd996aa60d34181a088fea4ac7125a
SHA3-384 hash: 762ae43131d3989b3b6fed71af728e786f3c353b93136c27de88cc1d9818944d5c66c1de848992682d2467e18bbfc99a
SHA1 hash: 9f2024926a0390d1c629ba602f0250bb6f75b065
MD5 hash: dec5ea908d6b1d3dcc2cb436c9bda6f4
humanhash: bulldog-monkey-leopard-potato
File name:DHL0011739028302PDF.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:950'784 bytes
First seen:2020-05-11 13:03:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:IzgnJHX+nOZRnqQosipswMFwRW4N+Gqh0OlXquaPpJCJKSgb3rA/:Iw+nOKQjipcFoW0OlcPuJHW3rA/
Threatray 715 similar samples on MalwareBazaar
TLSH 5615AE3739829068D43D01B0047EA9D1AA3B3A853B568BDF319F631CAF8275B7B5314E
Reporter abuse_ch
Tags:AgentTesla DHL exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: north.xsystem.dev
Sending IP: 46.4.71.51
From: DHL EXPRESS LIEFERUNG <luis.caceres@dhl.com>
Subject: DB_DHL_AWB_00117390021 / AD
Attachment: DHL0011739028302PDF.iso (contains "DHL0011739028302PDF.exe")

AgentTesla FTP exfil server:
ftp.eden.ro:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EKIY.28364.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 14:38:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=423c54lql2yqwmujbr3vqntujoy33glkuygtiga2bch6uswhcjna._file
Verdict:
malicious
Similar samples:
0874efe680cfb9ab53997e6f4b5e1159d1d4d51f485a6845fc90cd03d10ca29f
AgentTesla
38cab7aaec4c38fcb5a56b1006e584c329513147d22738258f4428c2568d92a5
AgentTesla
4a8a8d8faabf6613961d6317ab29f33a81a47fbce80e288970fe96e1f67246a6
AgentTesla
4e95bcf9cf3ddc47f0ac38cf8657a7e4e136e6204dff183aa302263280cf9c48
AgentTesla
55b9d7cc4b318717f3c48239616132442ee5815c4897d3b154444b825b44657b
AgentTesla
668c31c58c0816f31b863d088cb88ff43f7c69aeae0e21734f96dd9a5992a872
AgentTesla
82df2d9ba67f275874caca138baea0b54e90ffd727d561072243a9d9026569ae
AgentTesla
d74a4cdc37bedadf721932a6118039ab332781ccbb8f00d9c763da4602ef6fda
AgentTesla
df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763
AgentTesla
fcfc827205cd38cdf997f72b1d58eba51ac12da6ba5939279b626522b11fd938
AgentTesla
+ 705 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/201109-x4b2jthlg6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Modifies service
Suspicious use of SetThreadContext
Drops desktop.ini file(s)
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 3b3c6e471bed44a18a9070399e6445886e27b8486dfe4b52c3ca7da1a3db6387

AgentTesla

Executable exe e6b62ef1705eb10b32890c775836744bb1bd996aa60d34181a088fea4ac7125a

(this sample)

  
Dropped by
MD5 e47c57d0508a1c0163bc8eadb3bc6901
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3b3c6e471bed44a18a9070399e6445886e27b8486dfe4b52c3ca7da1a3db6387

Comments