MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb628c8c40f828cff85349c23483dcfb5b2ce2ce68916a6f1de72ed514cd01e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb628c8c40f828cff85349c23483dcfb5b2ce2ce68916a6f1de72ed514cd01e6
SHA3-384 hash: 506a1cf715191d04fa147de788ee91a6a4904a0e6e9f423ef40e0c860415c1732f26bc4a77b13b151c0d087eca759ca1
SHA1 hash: 20d77eaa6536a036582e720a90f7e4168b6e52ac
MD5 hash: 3415166809754493c273c0aa6d30063e
humanhash: single-pizza-oregon-enemy
File name:Sample60000878.scan.pdf...exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:690'688 bytes
First seen:2020-10-07 05:05:24 UTC
Last seen:2020-10-07 06:23:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:FCu0FFvEzhZQQnLjM97EDPNAJrdM4CdNR+5vvNNGTGcekL7gSM86aTe1nJCuBj5:FTEvrQnv6ADPkrjCt+tvGGcI86Oe1Mu3
Threatray 1 similar samples on MalwareBazaar
TLSH 0BE4E149AB44C510DD7D5BB4F4384CF0066A7DA6EC34E60F2E88BE6977B33E2056364A
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.shvietnam-vn.com
Sending IP: 45.95.169.113
From: info@shvietnam-vn.com
Subject: Re: Confirm availability of attached Products
Attachment: Sample60000878.scan.pdf..rar (contains "Sample60000878.scan.pdf...exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Agenttesla
Create hunting rule
Link:
https://www.capesandbox.com/analysis/68769/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Enabling autorun by creating a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
adwa
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/483674
Signature
Antivirus detection for dropped file
Drops PE files to the startup folder
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb628c8c40f828cff85349c23483dcfb5b2ce2ce68916a6f1de72ed514cd01e6/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-07 02:22:24 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7nrizdca7aum76ctjhbdja647nnszywonciwu3y544xnkfgnahta._file
Verdict:
unknown
Similar samples:
33f3c581f4bc6cb4c7e6b63a6857220ab404020f188650f11bf0ec55e96877a4
AgentTesla
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201007-zyal573cms/
Behaviour
Drops startup file
Unpacked files
SH256 hash:
fb628c8c40f828cff85349c23483dcfb5b2ce2ce68916a6f1de72ed514cd01e6
MD5 hash:
3415166809754493c273c0aa6d30063e
SHA1 hash:
20d77eaa6536a036582e720a90f7e4168b6e52ac
Link:
https://www.unpac.me/results/8835611b-e0b0-4791-995d-dfd46c0d268b/
SH256 hash:
cd2d6ad4fc11cc17217ca4d12443bc83e343c5c4fbea3e659f8676f2bc02260f
MD5 hash:
808b9bce830dad39c0ec77a07241b1ea
SHA1 hash:
7ef987abb0f88dd57bf8d20dd3e189a150bbfc9a
Link:
https://www.unpac.me/results/8835611b-e0b0-4791-995d-dfd46c0d268b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fb628c8c40f828cff85349c23483dcfb5b2ce2ce68916a6f1de72ed514cd01e6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 3d723264f522ce6a5f4b9ef7d9cb5ac9d150e32c4309bbe0b6e4110aafb84e5f

AgentTesla

Executable exe fb628c8c40f828cff85349c23483dcfb5b2ce2ce68916a6f1de72ed514cd01e6

(this sample)

  
Dropped by
MD5 e87f467ebbe964660a1d0def04f8b5fb
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/68769/
  
Dropped by
SHA256 3d723264f522ce6a5f4b9ef7d9cb5ac9d150e32c4309bbe0b6e4110aafb84e5f

Comments