MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 439cdf2c1eb3870a37188959dc1843be217dc00ae643d1f575c336f6b84dab4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 7



SHA256 hash: 439cdf2c1eb3870a37188959dc1843be217dc00ae643d1f575c336f6b84dab4d
SHA3-384 hash: ab2b9bf7e18cc6302524317cd0168c22f8cea2ceb1f8c2aa7b1b351bb6facdc6e4cceb70c6ff91de94c7ea5bae98503d
SHA1 hash: dd0959f8ebfe83cdd6f2e9b46f96d754010c6da0
MD5 hash: 5450c856fbf6155c0bfcd979ea370421
humanhash: aspen-single-blossom-ink
File name: 439cdf2c1eb3870a37188959dc1843be217dc00ae643d1f575c336f6b84dab4d.bin
Signature: AgentTesla
File size: 443'392 bytes
First seen: 2020-06-29 08:47:59 UTC
Last seen: 2020-06-29 08:50:29 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 6144:tFh1fO/3ChzRO17VGML7sg9IX+hjSrChYafwUCmqhZALgt2G1YqexIN7Feai/SC/:by3H0s2GBF7qhZALgIEN7FZcawhTN
Threatray: 10'849 similar samples on MalwareBazaar
TLSH: 2994E02173BC5B97EABF87FA146599104FF679A6A521E30D0DC230EB1836F018E11E67
Reporter: JAMESWT_WT
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 2
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-29 08:46:53 UTC
File Type: PE (.Net Exe)
Extracted files: 9
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: agenttesla
Score: 10/10
Tags: spyware keylogger trojan stealer family:agenttesla
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Reads data files stored by FTP clients
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
