MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47c8fab622177ddaa495e4b9294c0949be6c7572ef15f831ee7c326af0200ccb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47c8fab622177ddaa495e4b9294c0949be6c7572ef15f831ee7c326af0200ccb
SHA3-384 hash: 3835585214f8df296aa6aa557dd0e5e76c9fe586ec285fcf8bcab5fd9e8891b06fc49f53c4021da3eaf71e3ce6ae87ad
SHA1 hash: a31da1296727fdc2e9b797ac8205ab471abd61ff
MD5 hash: 147e60c7616e0b0a74d0afa66ce0fa14
humanhash: fruit-floor-undress-texas
File name:kenn.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:528'384 bytes
First seen:2020-07-01 11:19:15 UTC
Last seen:2020-07-01 14:30:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5f3e5b8686e990e28a0956a16430ec8f (7 x AgentTesla, 1 x NetWire)
ssdeep 12288:6yZEbYyZiDIBJdDTPpdmouHwXop8ZJKgL/6gzawIZYvlTfyE:6yc+I5feQXvZJKeRzawIZYNT
Threatray 11'025 similar samples on MalwareBazaar
TLSH 11B42322D3909335E2841C387777AA701679B49653593BB53E19ECE7B93E489BE8030B
Reporter cocaman
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/18209/
Detection(s):
PUA.Win.Packer.Upx-49
Create hunting rule

PUA.Win.Packer.UpxProtector-1
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/47c8fab622177ddaa495e4b9294c0949be6c7572ef15f831ee7c326af0200ccb/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 10:42:15 UTC
File Type:
PE (Exe)
Extracted files:
74
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i7epvnrcc565vjev4s4sstajjg7gy5ls54k7qmpopqzgv4babtfq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
hawkeyekeylogger
Create hunting rule
Similar samples:
0b1ce90ba8d64281d16d29dac2cd146e81d18359c572cfd92840dfffbcd0f713
AgentTesla
2f82dffb6984064e3a865298818c2081de389fced1e4d98b12f2da014a74fcb9
AgentTesla
53cd853ecfa2ff227106ec0c7ff70f25732d42a70a2f07274862e1bc5510615f
AgentTesla
7927d24010f7ec25ea4026291036fbab975b5ff66398658e15c59165bb71e953
AgentTesla
9622729f9517d5a5eecd4a278ea564d750b17e300337a0f0e023c986bf0e537d
AgentTesla
9eb1f39ae32ed2c3289f148c0182ef2f8916fe7283400fcffd262798c08ded91
AgentTesla
a884c6f90ec51dc6d39304e05efe5820d5c11afcd90abeaca8969b4adb9448e7
AgentTesla
df8fe4098c22cd64afb8369348581a0ed7c924ea9ad659741e2899a32ab2e842
AgentTesla
e8832bdaa159f1e5a0f7e4ce323c8a302c0db9cd7eb6ba0434fee843d7333129
AgentTesla
faa14b162487c010a973901cb7a91e48c512b0193fd449be475f94c32b0ff212
AgentTesla
+ 11'015 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200701-rq2c58byv2/
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

xz cd79e8d8852d614ffdf727cbf85a3f0e0896b366dcb04365053990a4c42a5c5b

AgentTesla

Executable exe 47c8fab622177ddaa495e4b9294c0949be6c7572ef15f831ee7c326af0200ccb

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 cd79e8d8852d614ffdf727cbf85a3f0e0896b366dcb04365053990a4c42a5c5b
Cape
Cape
https://www.capesandbox.com/analysis/18209/

Comments