MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 089c2e88733184ca2e648ccfe560f808b82962a83291023584ca69cc34d0957a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 089c2e88733184ca2e648ccfe560f808b82962a83291023584ca69cc34d0957a
SHA3-384 hash: 6718eaf859bab4a59bbab019886d0df72c6fa256dced7d5304c1103fcc3807e7a0e95b83616c49f11ebd7287dce33fd2
SHA1 hash: ab1a4db47be725a80e4b03b9f5caf9dae8f680e5
MD5 hash: f868c1e77be92a2bdcecd727781b39c2
humanhash: emma-london-south-timing
File name:S2107Item.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:776'704 bytes
First seen:2021-07-22 06:10:18 UTC
Last seen:2021-07-22 06:55:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'604 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:aoSLVwbAvenOr9okDd5XAbX8sziL2tvoqzmGEWZ6mxcMJDe01FAU9FEEip+yl:a9VwbAvenydXgBiytpzrGGe01Frgl
Threatray 8'000 similar samples on MalwareBazaar
TLSH T145F4F1093790AB4EC17B8E7BC4501C10DBF2E5276707E7876CC216EC299E39A9E17396
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
AgentTesla SMTP exfil server:
mail.logoffices.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
148
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
S2107Item.exe
Verdict:
Malicious activity
Analysis date:
2021-07-22 06:14:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/564f2a3d-1130-4be8-b9fb-9a123017b439

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/173229/
Detection(s):
SecuriteInfo.com.ArtemisF868C1E77BE9.23875.29741.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/bef1de16-8089-463b-ac04-ff41a9e206ae
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/819951
Signature
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/089c2e88733184ca2e648ccfe560f808b82962a83291023584ca69cc34d0957a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-21 21:36:51 UTC
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bcoc5cdtggcmulterth6kyhybc4csyvigkiqenmezju4yngqsv5a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1fa08d9326a1d7f294124f69dda88c2cb0422025658c0ddc5664ce3e3dc7cb86
AgentTesla
4b2d7c3ea69eef113fb46184310c3f1579d2545c0f618da316b237e25c12f97c
AgentTesla
6fdec127b0c126db77ce73d47733dfdca0ec42ea56617d9fa5f6f0c1f0b71be6
AgentTesla
8b9abfcdfed4c5a95b6425c5ca75d7b0a17e43e42d6f78cca6f7d8e8c2d7a967
AgentTesla
8e185bd58ad5131fdbe60c267f00b1e661d39eefe850543fb56243662dbac318
AgentTesla
8f75c88c3376308b7053698d849a6f228cd9ebde1fec893fa850d4fa9e9ac25a
AgentTesla
a14532851a6cf9501f2a4f5b0ecc61d4ef8e10d220a401b220cd06ae8f83aeee
AgentTesla
aadf4a2325f03bbc80d38bc0c033e5ecc945a9b132570533f5a3fc41a6e034d6
AgentTesla
bd2b74e08fad018b100e51f29b67beb001afac1b243e73f4180d22879d86c639
AgentTesla
fad29843768b7dc1c65669f75615d0d1435848479132095a1590a7cd667c8fed
AgentTesla
+ 7'990 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210722-y7by576rhe/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
f9e862187164646a5961f06f89f562ce5d0a9b0984f37c3e923de029ee670f6d
MD5 hash:
0bb2c678cb0c0abc0d0ad81931e006aa
SHA1 hash:
75684e11d2653d7e5905f004622a74fab1a85826
Link:
https://www.unpac.me/results/b6f76cf6-02c5-4f49-af67-01eb00f58c75/
SH256 hash:
65a67fc7c6759547aea3d9dee0cc08f47f172058e8a70e42adc6d2334849b0b4
MD5 hash:
c3b75676f51ae243b289a854de51b6ed
SHA1 hash:
6e130f999b3ca47df3cb806b4e71569966bc4225
Link:
https://www.unpac.me/results/b6f76cf6-02c5-4f49-af67-01eb00f58c75/
SH256 hash:
83d9e44d9a311ea6fdbcbd09fdc816a2067806dcacf24beb5ee786191b1a3ea1
MD5 hash:
b1a7b752b6638ee03cffe5a1dde9213e
SHA1 hash:
52d215a173d2f293990f8c12fc7f4a86330a29cb
Link:
https://www.unpac.me/results/b6f76cf6-02c5-4f49-af67-01eb00f58c75/
SH256 hash:
2fa9d113e4e8b6e1fd366fef0b7bf6f23fbdf076afd71877453ae67f2b6ac530
MD5 hash:
0d3cf7d71597621ce849866d114e23ed
SHA1 hash:
191ebf111d62f1b1f84a06cc069a1f7f376466fb
Link:
https://www.unpac.me/results/b6f76cf6-02c5-4f49-af67-01eb00f58c75/
SH256 hash:
089c2e88733184ca2e648ccfe560f808b82962a83291023584ca69cc34d0957a
MD5 hash:
f868c1e77be92a2bdcecd727781b39c2
SHA1 hash:
ab1a4db47be725a80e4b03b9f5caf9dae8f680e5
Link:
https://www.unpac.me/results/b6f76cf6-02c5-4f49-af67-01eb00f58c75/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/089c2e88733184ca2e648ccfe560f808b82962a83291023584ca69cc34d0957a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 089c2e88733184ca2e648ccfe560f808b82962a83291023584ca69cc34d0957a

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/173229/

Comments