MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7648810cfb22e44f944ce7ad2f58c6fb0d2577652d79d72a210e83938f716b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7648810cfb22e44f944ce7ad2f58c6fb0d2577652d79d72a210e83938f716b3
SHA3-384 hash: 026d6cdc60d6d26564a8d06dfd3332940c149fab18b6a12819b91534bbdf587a833600a575596850ad5c9e6d2d9a31a3
SHA1 hash: 39ef1d601f762952afc4c763cf0eaf27d0745b63
MD5 hash: 17ab7c7bfd830d3b6ca5a40477633604
humanhash: aspen-sodium-cold-arkansas
File name:de9010286.bat
Download: download sample
Signature AgentTesla
Create hunting rule
File size:449'024 bytes
First seen:2020-05-06 10:09:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'656 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 6144:aarde0eC5rCUY32YephB4C58+FTCUcOB8wd9es1aV2wzQy3OW9Atu3v7CP3uY4ZO:KlClCU6UphBt586Wg3Hes+bpPaC2Rqf
Threatray 73 similar samples on MalwareBazaar
TLSH 2EA4E0202DFF911BF277AEB51BE035D7AA6FF6333606E25D548103478A22A41DEA1137
Reporter abuse_ch
Tags:AgentTesla bat


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.easynet.es
Sending IP: 213.139.0.17
From: Purchase Order <presidant.c@pediatrician.com>
Subject: POHG61240 -KH92K
Attachment: de9010286.bat

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.44637.28427.23603.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 01:03:21 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=45siqegpwixej6kezz5nf5mmn6ynev3wkllz24vccdudsohxc2zq._file
Verdict:
unknown
Similar samples:
2f425f47756ffd6fca6b449b766d0c073ffda51ed9055a91488b9a72bd5f5546
AgentTesla
70a47bc4b27037b13134fbccef50134102271d80cbe39e5d5fc7691e1ca01e71
AgentTesla
74aeff83c3d94e44e9cafd5e4537b66ef89c87f5691472c672914d5b3028d994
AgentTesla
76fb1d5cfa8df8ed4576587c6a45169f8fb052ca345d3479ea6948d26cd1d9a7
AgentTesla
8ef32d6af947a4d8fe18a7d26f6407c3dbfe687d97d24551189cc33cce4a64a4
AgentTesla
971609985552df81174bf8e23ca9fd7b6feff1f8e86ee5e28b535d955e3358bd
AgentTesla
98a776dc4ed21a6077c36b849adb09ae3731d66c9485279dda469bbcded06aac
AgentTesla
a3b4f9b425bfb0ac4ea5c7007f880658910320c95312766d59ffa6d44a658926
AgentTesla
a4d4e606bd62e9e913589f5a0ba79d8fde4e5d0d1ba517e9cfa2c4b2b441f610
AgentTesla
ed9ead85667d2ecb58aaee4c9e803159cf7d214ac5bf09653aa5d67734b2e5e6
AgentTesla
+ 63 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence rezer0 spyware stealer trojan
Link:
https://tria.ge/reports/201109-x67yswe9e2/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
rezer0
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe e7648810cfb22e44f944ce7ad2f58c6fb0d2577652d79d72a210e83938f716b3

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments