MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b3369216c127cc53e7c1050cc5e240101c1282ca0c0bf974f7e1c3be0009cca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b3369216c127cc53e7c1050cc5e240101c1282ca0c0bf974f7e1c3be0009cca
SHA3-384 hash: 08be43822355232e51d041e19f0efbc33c210cf4bff97e35b12cf7fdf2b0df3bd4b5350b3e6cf0cb55ac594ff24c54a3
SHA1 hash: 5d9352b3cac0d3d5bdd53eca90f9536c12ac143b
MD5 hash: 4d2ab9cd4b97966f1c0e817490fbc330
humanhash: quiet-quebec-mirror-nuts
File name:REVISED_EPDA _ Statment & Tuticorin MV GRACE.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:959'304 bytes
First seen:2021-02-09 06:20:39 UTC
Last seen:2021-02-09 12:13:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8e07a9a5b0478a28ef2ed98fdb216dea (5 x RemcosRAT, 1 x AgentTesla)
ssdeep 12288:wO0ZG/0U8iJ5MxnpC8aQscNe1IsPaD7nug8g9JidEtOUQdCvv:wOhvMtZaQscN+Cug8UomFACH
Threatray 46 similar samples on MalwareBazaar
TLSH ED153AA17D71DCEAD3A72DBD49425264052E7CC8A908F42D57B0BDCAFA30684F95B80F
Reporter cocaman
Tags:AgentTesla exe signed

Code Signing Certificate

Organisation:MEDIATEK INC.
Issuer:Symantec Class 3 SHA256 Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:2015-08-24T00:00:00Z
Valid to:2017-06-24T23:59:59Z
Serial number: 635517466b67bd4bba805bc67ac3328c
Intelligence: 6 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: d95697633ca6617fc3936148dccdcbcf3626430631889b134626e6442267dc2f
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
REVISED_EPDA _ Statment & Tuticorin MV GRACE.exe
Verdict:
Malicious activity
Analysis date:
2021-02-09 06:23:16 UTC
Tags:
installer rat agenttesla
Link:
https://app.any.run/tasks/496e62a6-790b-4032-a95a-5f1999bb6251

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116106/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a file
Deleting a recently created file
Launching a process
BSOD occurred
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Forced shutdown of a system process
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/602534
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Svchost Process
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b3369216c127cc53e7c1050cc5e240101c1282ca0c0bf974f7e1c3be0009cca/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-02-09 06:21:12 UTC
File Type:
PE (Exe)
Extracted files:
70
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bmzwsilmcj6mkpt4cbimyxreaea4ckbmudal7f2ppyodxyaattfa._file
Verdict:
malicious
Similar samples:
235602d2819de318cb16c1653d3e2500b64688ad18f8f4e960dff1ab0b7e4b74
AgentTesla
357ab6a0cf97d36af99606bce098c476c4a24085f4d972038b11b3570486d620
AgentTesla
56fec820ce36b3b5f155dba31e5ba880078fc7bcc6420fc2fb4ca5af6ac5725b
AgentTesla
5edcaa5dd9d8d6726e02b8bd53b8c8695d781d9c324ac4805da72daf3cf5df0d
AgentTesla
798fc4066cf0b5e0c6711d32ca8d43afc7d4b99f333c184b7fd0b7d3b7eb7559
AgentTesla
895d91361b7463bb678ee12f902579a5897d72bc0717784bdf017e703b3097fd
AgentTesla
95b9a66abb8bb765e9a831ee0da955a879fbda3d8b52174f69aa4db7ca53ba09
AgentTesla
a8889ff384c38b97b5a48ef4e9586df7c281f40e2719fe248b0d252832969521
AgentTesla
f22c7b400f9e06797188424e3a849218cb7a1fd76437a988f60391fa5e17dfca
AgentTesla
f4f0c2b0fcc641a850b0aaf356f5119f7d6568be3d4b5251a6c6dec1b3e7920f
AgentTesla
+ 36 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210209-h2jgdly45a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
AgentTesla
Unpacked files
SH256 hash:
d2f876d808e77cfce00ded4bfc541671c500f0ea9ea873c04333c554ea54a791
MD5 hash:
e561fb27b26e5d960fd61580e5fb35bd
SHA1 hash:
5df94fbbf001b70e2f20f4a3101de45d321016e5
Link:
https://www.unpac.me/results/0ce183dc-a26c-4ff3-a9af-2d640fbcc08a/
SH256 hash:
0b3369216c127cc53e7c1050cc5e240101c1282ca0c0bf974f7e1c3be0009cca
MD5 hash:
4d2ab9cd4b97966f1c0e817490fbc330
SHA1 hash:
5d9352b3cac0d3d5bdd53eca90f9536c12ac143b
Link:
https://www.unpac.me/results/0ce183dc-a26c-4ff3-a9af-2d640fbcc08a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/0b3369216c127cc53e7c1050cc5e240101c1282ca0c0bf974f7e1c3be0009cca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r01 b03468b8b4c5f5314fad4fe0890919034dc6774442c5e5463d76e30707d6d29c

AgentTesla

Executable exe 0b3369216c127cc53e7c1050cc5e240101c1282ca0c0bf974f7e1c3be0009cca

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 b03468b8b4c5f5314fad4fe0890919034dc6774442c5e5463d76e30707d6d29c
Cape
Cape
https://www.capesandbox.com/analysis/116106/

Comments