MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f961b3aec87937a824418177759ef0fcff251770db2104664ce964c51af85621. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	f961b3aec87937a824418177759ef0fcff251770db2104664ce964c51af85621
SHA3-384 hash:	1e2b8852595309b090e620adeb7d5dd8a7b46a5b7a5f9cd4a1f1c6671660505914400fe111b774421393bb89d252f032
SHA1 hash:	d5dc4a15186b588e2aa76ed35bd789c43c951fa0
MD5 hash:	f8c66d4bdd8432bd9d33cad7bbee831d
humanhash:	papa-lactose-charlie-monkey
File name:	Payment SlipFor Balance Vesse.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	425'984 bytes
First seen:	2020-05-19 14:14:25 UTC
Last seen:	2020-05-19 18:39:34 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	c458ff2d515beb8f44158cd3636a7400 (19 x AgentTesla, 6 x NetWire, 3 x HawkEye)
ssdeep	12288:4Lr03pJOxumjKeYXKoue6JHc6ZWIqTU0LTlI5sb:mgZcMYetuzJ8WqLxI5sb
Threatray	11'254 similar samples on MalwareBazaar
TLSH	CC9412CFEBC042BBC51AA43302472D90B66EF042261D7F935636E84EF1719A7EBB1255
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

3

# of downloads :

80

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-49

PUA.Win.Packer.UpxProtector-1

PUA.Win.Packer.Upolyx-12

PUA.Win.Packer.Upx-6

PUA.Win.Packer.Upx-4

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-19 15:20:00 UTC

File Type:

PE (Exe)

Extracted files:

513

AV detection:

22 of 31 (70.97%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7fq3hlwipe32qjcbqf3xlhxq7t7skf3q3mqqizsm5fsmkgxykyqq._file

Verdict:

malicious

Label(s):

agenttesla

hawkeyekeylogger

Similar samples:

00bb775a83dc7120a7ccb4d446b4bd555232631b15feb2d6472b52972b90c97c

08b8b5c623bd115853cacfa860262fc966334f844a0bda1ed0dfb64bed0e8504

25d747802b9ce8ff29860bc3fd6c9822b18108b8b0b1f0b781924203f4ff48f3

4171dc8b0156c5471ff44e843ff7bf8bebb750ff7b1988b4ad18982892492093

8693d6aaa3f5cb0e2c6e725eaa9d6abf1bcf8f8390625767312b5af32e204118

99ebc0bf98a16152a009ceb9f57f5ffc55153422f23c80b34b7046cf21eec353

c3d8a2df50dffafea2a385695cb95e534bbb16c3ccb22675d8f1cc40dd4b4bba

e00520e9dbd220029d136401e441b14cc1f0b77272305a4ed045253b83c72eb4

ef815a60779a455c972b48db32df542ea756480065844ae3984da559e9faba5a

ef99cb1072520b6ca4f08d4684f795a17e92dbca8ef03d3875da1ca2b33021c0

+ 11'244 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger persistence spyware stealer trojan upx

Link:

https://tria.ge/reports/201109-rdc7hlwkss/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies service

Suspicious use of SetThreadContext

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

UPX packed file

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 32c5df45cb0fde2bc54acec7645e84966e80df3d1da65fa74cc660c829262131

exe f961b3aec87937a824418177759ef0fcff251770db2104664ce964c51af85621

(this sample)

Dropped by

MD5 509d162d9e49bd5114ffa80644df1e95

Dropped by

SHA256 32c5df45cb0fde2bc54acec7645e84966e80df3d1da65fa74cc660c829262131

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample