MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a433d9d40efde586b6da1409014e23c3c08a668f3148682524406f852e239af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	3a433d9d40efde586b6da1409014e23c3c08a668f3148682524406f852e239af
SHA3-384 hash:	73e26174179b280e60dbec41406f394b73b5ec7c7c4ad4596d0771275755c77ce5ad1efbf5b0399acb53ad9316837efc
SHA1 hash:	6f0940bd1ef3c346ae460b380a62c7dbdb541f7b
MD5 hash:	2311eb5638dd15fe708a7aab0d18e668
humanhash:	virginia-rugby-bluebird-solar
File name:	SecuriteInfo.com.Trojan.DownloaderNET.54.27821.32112
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	8'192 bytes
First seen:	2020-06-25 20:32:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	192:nbHZzDwPFgZpDEwq9LaB+Bx0632ym0LRk:ndzsPeDEwq9La6x+OW
Threatray	930 similar samples on MalwareBazaar
TLSH	D4F10912F7C88739D4EB97B848F383501339E2565A07CF1E6CC4129E9CB6B548BA36E5
Reporter	SecuriteInfoCom
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

1

# of downloads :

83

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/14534/

Detection(s):

SecuriteInfo.com.Trojan.DownloaderNET.54.27821.32112.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Creating a file in the %temp% directory

Creating a process from a recently created file

Creating a file

Creating a window

Launching a process

Running batch commands

Using the Windows Management Instrumentation requests

Searching for the window

Forced system process termination

Sending a TCP request to an infection source

Unauthorized injection to a recently created process

Forced shutdown of a system process

Launching a tool to kill processes

Unauthorized injection to a system process

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3a433d9d40efde586b6da1409014e23c3c08a668f3148682524406f852e239af/

Threat name:

ByteCode-MSIL.Downloader.Reline

Status:

Malicious

First seen:

2020-06-25 10:32:59 UTC

AV detection:

32 of 47 (68.09%)

Threat level:

3/5

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

1681aa9c53703a91a8feb2296051bffc02763c1663e8e50113d51c4b7cb37378

262e75b938cc8b65820cf4015f33ab3db363eb7a968c23bdd48e7a680d97a9f7

5c164b47abfcecfc8f75d220cffbe8a9de97cf956154783aae6d885c180c1e8d

62824d9a353a539053724252d3710008e5894f3580fec8449ec38b7828e7b389

8a6b671ef4fc65efa1bd306da35f4bf2a18814d1ecf0f868ff2f27177fb37809

a7116dc8a8296b97287b628c8cc8cc5fd834557d6d0fc29d5944fd1e4a30b8a3

a75040c1f0f11bf9629774525960c9cf35153727e1191057b575fb3c1ed0700a

aa30299c8266809acb727ef5ec89a80f0cdbcc848550607743f256438f00e398

aa4ea575f062475547ce69415145acded3eda98cff4e8e2b532b1f3201b1b0bf

bfb194c2020359da5169cc6eb2664551e61ccbe7c67af375c7c7c5c8f2b84bc9

+ 920 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

evasion spyware trojan

Link:

https://tria.ge/reports/200625-6cmt9tc1hx/

Behaviour

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetThreadContext

Modifies system certificate store

Loads dropped DLL

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/14534/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample