MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bb9adda0e9ea445a320f71cf0c7c8a9ce3e4d07faf8ac834674746947e50bc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	4bb9adda0e9ea445a320f71cf0c7c8a9ce3e4d07faf8ac834674746947e50bc8
SHA3-384 hash:	9cf1edf2acb29afce5634408927661d4055752248d1d5323868bc8c534fe00b6192e1e34adb43b3f3a36af359e30d8f3
SHA1 hash:	8883194ebe77d0a39b2b738303911e2a542a8525
MD5 hash:	e77e53c805e97088b272a5d3eac8bdfd
humanhash:	white-emma-nebraska-foxtrot
File name:	CT_87576.EXE
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	615'936 bytes
First seen:	2020-08-12 07:09:38 UTC
Last seen:	2020-08-12 07:58:41 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep	6144:BWklhqQv0XSyRw6TBTMoW8zJysQsJpZViri9fVNFOWnWs4zqu6sRDtlmEva4W7:2fGoTJysQsJpyriNdDp4zqu64XVNW
Threatray	127 similar samples on MalwareBazaar
TLSH	E9D41543DFB476D5D7AA167BE464010C8665AD0EBFE6E34B1B9CF0A8D9323508B13E12
Reporter	cocaman
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

66

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/43995/

Detection(s):

SecuriteInfo.com.Trojan.Siggen9.60237.24846.29091.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/421576

Signature

a

c

d

e

g

l

n

r

s

t

Y

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4bb9adda0e9ea445a320f71cf0c7c8a9ce3e4d07faf8ac834674746947e50bc8/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-08-03 16:55:11 UTC

File Type:

PE (.Net Exe)

Extracted files:

4

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jo423wqot2seliza64opbr6ivhhd4tih7l4kza2gor2gsr7fbpea._file

Verdict:

unknown

Similar samples:

10eead56b5d7413b12b1fd1a4bf63dba2fa8995dad47d9a29577efd98264247a

218ab0970b729fe790515e64e9eab88b22893c7cac5594bd6d81b16e2245dcb4

5415e279ac5674de2c5ff76fac550a2588d156b59888c207f48bf81da76729b8

5c5408db84b06949b9aae7b528ad603bf17615ceac0aba3cd79cc92ed77b8163

7d95d648a3a6f221f5b9833c631e3a009454a0209666b717e091bf1886c995a2

8707af08ec5c7b76ea40346f7b62861080f534fc2438a30cda18260563a7c16e

9bd6661010ba5518e4db4cd619eb805765e72d5923065fbb46e4c48a6db7e631

a4cfc3715bff5df4b930adfd46eda975666cafebd5e538910680f44d105170a3

b1f60766fb1c9d311d8200f0d45898156f6ce60e9db644032731e9284bf1c552

daa21287c64f4ddf57136d013858af29aaa8ad92ee7d7cde68531f0b5979c55d

+ 117 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/200812-m9sl5sp5ex/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/4bb9adda0e9ea445a320f71cf0c7c8a9ce3e4d07faf8ac834674746947e50bc8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

img e0a94229604c825e8d249210c5d30fe82dc4b922dd93b76c3fba977082b5d5e5

exe 4bb9adda0e9ea445a320f71cf0c7c8a9ce3e4d07faf8ac834674746947e50bc8

(this sample)

Delivery method

Other

Dropped by

SHA256 e0a94229604c825e8d249210c5d30fe82dc4b922dd93b76c3fba977082b5d5e5

Cape

Cape

https://www.capesandbox.com/analysis/43995/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample