MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fa155eb99d47c1e8374b8bc40050c24a8e18172c7a2db5d777f36b33c297ec6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	7fa155eb99d47c1e8374b8bc40050c24a8e18172c7a2db5d777f36b33c297ec6
SHA3-384 hash:	ef9500a735564181fa95ca7cc279996691d651f4aa91ca2d4dd9092e4be05d34adc52162056f3567bcec7fae5c580bd3
SHA1 hash:	c5c29221fd4a3781024cbce0989a9275f83f091e
MD5 hash:	494d439954953735170e4fb62ca5f48c
humanhash:	freddie-north-happy-cardinal
File name:	5kH711a9BXCtVjr.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	473'088 bytes
First seen:	2020-07-23 08:09:50 UTC
Last seen:	2020-07-23 08:51:52 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep	6144:5HZiuslybhbhK3sG3O6lu2WqkCMX8JMIY8a+K8axO5WRfowTXqJAKr:5H0fyVbiO6lue3/+8UyEVT6J9
Threatray	56 similar samples on MalwareBazaar
TLSH	9FA48D06CBB869EAE76A037DD06604059BB9A51A13C6D35E1FC3F0BE28A3750CB13D57
Reporter	cocaman
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

73

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/31511/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.398.28982.18788.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Using the Windows Management Instrumentation requests

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/395778

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7fa155eb99d47c1e8374b8bc40050c24a8e18172c7a2db5d777f36b33c297ec6/

Threat name:

ByteCode-MSIL.Spyware.Negasteal

Status:

Malicious

First seen:

2020-07-23 08:11:06 UTC

File Type:

PE (.Net Exe)

Extracted files:

2

AV detection:

25 of 31 (80.65%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=p6qvl24z2r6b5a3uxc6eabimesuodalsy6rnwxlxp43lgpbjp3da._file

Verdict:

unknown

Similar samples:

0a9e7542b65b3a7c5e1a11a2b23c2366fd53bff3205bb9d1656d4e32d1f0068b

1914523f38d5ab29cb80d4553d2b4d86741aaa3c6163f3ced9dd3efdc139d694

1babda8db79c5d785a60d3d2bd721a9cbcab037420c47bcb2bfbfdaad5797124

25a846abad50a711c8b05b24bf27319b67e300203960c9d5a07359ad81cca41b

464e2cdc647f312a60d4431fa0d4658a27916bb5fd3fc92986a4d5a03b8039dc

b011d9fb5b07d8346bf6abb167816f4df166897a2f333111f0c01af2de1c6579

b2bcd8d3a82d86459384063b335f5be3c9615de574c4e2bc1ca6963eb1c9b721

c9cafe28ca1a718f8538408c38bbdb87e4988ff11f4a450187388266007f1724

ce026bee1dbbb52c3350d99531f92ee2cfb8426d79170b839d79e74b99a35e96

decd86e7f77eb20882b95f347aaf81a94b5c6c8442e3807368f9707a98c12b89

+ 46 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/200723-7bedp6qhej/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Program crash

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7fa155eb99d47c1e8374b8bc40050c24a8e18172c7a2db5d777f36b33c297ec6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 69bcc322658e88e1d69e439edc6fbbda67348712a1b86a85f63cda74ebd42d43

exe 7fa155eb99d47c1e8374b8bc40050c24a8e18172c7a2db5d777f36b33c297ec6

(this sample)

Delivery method

Other

Dropped by

SHA256 69bcc322658e88e1d69e439edc6fbbda67348712a1b86a85f63cda74ebd42d43

Cape

Cape

https://www.capesandbox.com/analysis/31511/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample