MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82cc4887e303142d81ec7d606de24bfe9d14d3fd2d867759b4c150f502d456ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 82cc4887e303142d81ec7d606de24bfe9d14d3fd2d867759b4c150f502d456ed
SHA3-384 hash: d9e4b7e4f90af6b693c197d5a84937eb7c2034f14b6beff2d5d1710b8df096ba862645e4bccc2f2fc1fad54fbb7c348a
SHA1 hash: 12892d6641fd748331d7aede80b660701e0d45a1
MD5 hash: 93993f994aa01d44877418064b35a6bd
humanhash: hamper-florida-carpet-rugby
File name: newanyiorigin.exe
Signature: AgentTesla
File size: 477'038 bytes
First seen: 2020-07-31 10:00:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7c2c71dfce9a27650634dc8b1ca03bf0
ssdeep: 12288:PanTh4l8KYuE96JgOJrs8JVMbW+mtoUnavo:Yh4l1eL+s8vmfUaQ
TLSH: 56A423197295C893CF2109B2413C7E71F67AE67C059E129F6B003E4B39B5A8B8E4F217
Reporter: @JAMESWT_MHT
Tags: AgentTesla

Intelligence

File Origin
# of uploads: 1
# of downloads: 37
Origin country: IT
Mail intelligence
Geo location: Global
Volume: Low
Vendor Threat Intelligence

Result
Threat name: AgentTesla
Detection: malicious
Classification: troj.spyw.evad
Score: 76 / 100
Signatures:
Installs a global keyboard hook
Maps a DLL or memory area into another process
Overwrites code with unconditional jumps - possibly setting hooks in foreign process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour: behavior graph (image not reproduced here)

Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-31 10:01:42 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Behaviour: NSIS installer
Threat name: Gamarue
Score: 1.00

Yara Signatures

Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments