MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fe48a175b79a47314cc8ef8d5768e0a911e08da6b855faba6b41ec82bdebc4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 12

SHA256 hash: 0fe48a175b79a47314cc8ef8d5768e0a911e08da6b855faba6b41ec82bdebc4b
SHA3-384 hash: 9e3266fafbe396baddf6a0f7c6dcda878744a6ee48bd8b7c0d0eaed5b0964322fc4f784bf4e7e6bf2f99db9ac9cc5c5e
SHA1 hash: 7e728b65b9053db0574e0776d05ed4fc566ea6fe
MD5 hash: 839bc500771a397808b8c7c2c3cd3836
humanhash: march-michigan-five-single
File name: AWB & Invoice #1006472.exe
Signature: AgentTesla
File size: 849'408 bytes
First seen: 2022-07-20 07:23:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 12288:rMDK/NzB0WzBiUg0XCSzsp74X6vqEEnmwIrRDVLk0IS2tClo9I6165xaafLa:rv/Nl0+sp0Vzw7hTsmo0jlhje
Threatray: 18'359 similar samples on MalwareBazaar
TLSH: T1D905010072BC5F93D97CA7FE5929908113F62A1B616CE7598ED2B0EF2A76F110C51E0B
TrID: 64.2% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
      11.5% (.SCR) Windows screen saver (13101/52/3)
      9.2% (.EXE) Win64 Executable (generic) (10523/12/4)
      5.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      3.9% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: cocaman
Tags: AgentTesla exe Shipping

Intelligence


File Origin
# of uploads: 1
# of downloads: 215
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating synchronization primitives
Launching a process
Creating a file
Unauthorized injection to a system process
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: AgentTesla
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a

Threat name: ByteCode-MSIL.Spyware.SnakeLogger
Status: Malicious
First seen: 2022-07-20 06:18:13 UTC
File Type: PE (.Net Exe)
Extracted files: 24
AV detection: 22 of 26 (84.62%)
Threat level: 2/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
AgentTesla
Unpacked files
SHA256 hash: 39c2d879c57f07305ce60412dc8a88f02e51f1a14a06cc605768d1d7f5313807
MD5 hash: db51fe170a9e5d6ec5429a2fbd9d0353
SHA1 hash: e30a58125fc41322db6cf2ccb6a6d414ed379016

SHA256 hash: 27d330457a0e742f8ea77b7c2513223672a2b3054598c2e8cf650d7612c953c8
MD5 hash: 7527dc1229149c3909e186340b6607bb
SHA1 hash: 7e3ff621989c93fece46e047aeeb2bd6adf764b8

SHA256 hash: 6621bed50ccc596ce0a9ede5c5d0141e8f9d6da9b267bf9273c4f071057a0ac6
MD5 hash: 5a39fd736a73a19f07816d4fb56ca7eb
SHA1 hash: 744898cb6ec7ed4ab56163950cac421f19033388

SHA256 hash: f746fba8983f48ae6c46a09a465701bb3d28d919b170603b318ea6c7fc9b98ce
MD5 hash: 8bb0f7e2ce9f47fb87e3851f09938e85
SHA1 hash: 5ca699aedee7697e50f3c8a3fbf07955a2cb238f

SHA256 hash: 781c78f48dc35cb66432bd1826965cc59fb100d4d12c04432a2c92361f8364c3
MD5 hash: 4bfe50310c7b0dd87da13cc6109f0190
SHA1 hash: 2e3cfcf114927e004ea7788b29e5dc45c5f9e246

SHA256 hash: 0fe48a175b79a47314cc8ef8d5768e0a911e08da6b855faba6b41ec82bdebc4b
MD5 hash: 839bc500771a397808b8c7c2c3cd3836
SHA1 hash: 7e728b65b9053db0574e0776d05ed4fc566ea6fe

Malware family: AgentTesla.v3
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekSHen
Description: AgentTeslaV3 infostealer payload

Rule name: pe_imphash

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
Executable exe 0fe48a175b79a47314cc8ef8d5768e0a911e08da6b855faba6b41ec82bdebc4b (this sample)