MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0548f5f843c7552c0c5b34be2cfbbb6f3cb4ed68f9d8c8881adaeaf7f4847fbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0548f5f843c7552c0c5b34be2cfbbb6f3cb4ed68f9d8c8881adaeaf7f4847fbd
SHA3-384 hash: e96bce6f6478dcf412b83acab51af85271c8b77455f0601baca3bbf9b9858267832ed3169f496d52d95c673188117fdc
SHA1 hash: 77f37d744ca6ce86683f93f11fa2d4583e374d50
MD5 hash: 71da20583127773e23ef61f4cd7cb475
humanhash: rugby-thirteen-juliet-kansas
File name:71da20583127773e23ef61f4cd7cb475
Download: download sample
Signature AgentTesla
Create hunting rule
File size:870'400 bytes
First seen:2020-11-17 11:34:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:978kJFt8LFmWkOqv5bOljWteOudlWMnAFOBP3oVHACCzD:y8D85G9OlCvylWMkOx3cC
Threatray 1'290 similar samples on MalwareBazaar
TLSH AF058D703120DB8BDAB917F0E856D0B02FE12D1BA569D24A7CD13FCF75B67100A5AA27
Reporter seifreed
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% directory
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Creating a file
Using the Windows Management Instrumentation requests
Enabling autorun by creating a file
Unauthorized injection to a system process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0548f5f843c7552c0c5b34be2cfbbb6f3cb4ed68f9d8c8881adaeaf7f4847fbd/
Threat name:
ByteCode-MSIL.Trojan.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 15:35:59 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=avepl6cdy5ksydc3gs7cz653n46lj3li7hmmrca23lvpp5eep66q._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
342af886075cca7fdeb8b212c3cfa6721adb1282dd670f0221a7f08cf1946dda
AgentTesla
4059c5c31844e43226ec7b22e9f971aec27765e3822685e3a6b4af541fa6ced3
AgentTesla
45729be7af7c3a3c18d7b032a1797d63655fccd33c6e494a478356b55b29ce38
AgentTesla
587cf31e6e23f0a2a06799111f1c0381f2d29187ab59cfee2f314cb6ae6ed349
AgentTesla
6adc726b1fed131552f57794978c3a0ea49e8f816092e106454e73539511e9e7
AgentTesla
6bc23ccd8612b26fde69c3c640beaf2b1997b5081ba210eb7b26f903c80b55da
AgentTesla
879fabd244225331efd47ce153381e8c2bcf02a9b81b430e346f6395ecc9c666
AgentTesla
a02fab001fe08ddb9a1ff1113714164bfb779c3c1829e0db5de65a9174f3af7c
AgentTesla
ce2c01bbc12cb5d903130e68a4e34056f292ebfdb307a185076c3e99b6f98ef3
AgentTesla
ee126cf35bbdcf2b2e8bbff8f27371910f9037799d4a3f5dbba16e5dc39797e7
AgentTesla
+ 1'280 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/201117-5xpqyqctd6/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
Unpacked files
SH256 hash:
0548f5f843c7552c0c5b34be2cfbbb6f3cb4ed68f9d8c8881adaeaf7f4847fbd
MD5 hash:
71da20583127773e23ef61f4cd7cb475
SHA1 hash:
77f37d744ca6ce86683f93f11fa2d4583e374d50
Link:
https://www.unpac.me/results/6cac52d5-0df6-43c7-b606-26a4288533e1/
SH256 hash:
5e34f70b1a3bbf3826430e2a9f718754794e7ba6e8ad4348f30b630ef1a2b254
MD5 hash:
4747adc97c540b3385c83f558b2d436f
SHA1 hash:
1539fad0dbd22b33bf1ac8080ae00066acdf4cd4
Link:
https://www.unpac.me/results/6cac52d5-0df6-43c7-b606-26a4288533e1/
SH256 hash:
cb951f1d2b5460456aad0d89cef1216d9be5e51784d11a92447d43e96177bd5e
MD5 hash:
8cd5d2014866f4ef60802ff1826998a6
SHA1 hash:
8ff75946905d0b117080cc5a07e6e0bbea4e9bbd
Link:
https://www.unpac.me/results/6cac52d5-0df6-43c7-b606-26a4288533e1/
SH256 hash:
a3dc28aca4d0ebaf9aa0ba016e9dfb341197201a661de45e686b1c24b542799f
MD5 hash:
f9eee91e451e5a02f428a40597a35528
SHA1 hash:
e597d91186933e716429e3f06a8c203d08a10761
Link:
https://www.unpac.me/results/6cac52d5-0df6-43c7-b606-26a4288533e1/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:MALWARE_Win_AgentTeslaV3
Create hunting rule
Author:ditekshen
Description:AgentTeslaV3 infostealer payload
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments