MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11eeb77d418ef5d9b701e2417ae0dc8cc73b74e65325e2ee6f371c7c17737ab5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11eeb77d418ef5d9b701e2417ae0dc8cc73b74e65325e2ee6f371c7c17737ab5
SHA3-384 hash: 493f31c7985023342610d014b657ae716c9fea9c9a49ad51bb8bc5940240a01ee130b84ad3cc704eb17274572b5d3958
SHA1 hash: 8fffec2d9cd06d92cccaee64444c1068c43ee168
MD5 hash: d0bcb155d0c3facda30a15e436be747d
humanhash: summer-three-berlin-moon
File name:Swift_92be67ab-e027-4955-b6fc-64b.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'187'840 bytes
First seen:2023-03-12 19:00:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:nCnqrH3ZQExvSJBnl88nYag6yph5a4gASLSENdy8SLVpSzc/WBoo/Wbpn2+F9rAd:CJgW88XS7lScACezaG5UWU9xOZ9z
Threatray 1'173 similar samples on MalwareBazaar
TLSH T1F745383439EA501AB173EFAA8BE475EADA6FB7733B07645D109003864723A81DDC153E
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
222
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Swift_92be67ab-e027-4955-b6fc-64b.exe
Verdict:
Malicious activity
Analysis date:
2023-03-12 19:00:56 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0badf225-3f6f-4864-8fde-9cae385823e4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/373769/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.65881625.5915.3672.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Launching a process
Using the Windows Management Instrumentation requests
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Reading critical registry keys
Creating a window
Stealing user critical data
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/640e213869819068058c5047/reports/afe90234-75bc-48ef-b313-d16a1cb84178/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/11eeb77d418ef5d9b701e2417ae0dc8cc73b74e65325e2ee6f371c7c17737ab5
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b2e23aa5-770a-48bf-adfc-7c313bdf9648
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1192075
Signature
Injects a PE file into a foreign processes
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/11eeb77d418ef5d9b701e2417ae0dc8cc73b74e65325e2ee6f371c7c17737ab5/
Threat name:
ByteCode-MSIL.Trojan.BadNetLdr
Create hunting rule
Status:
Malicious
First seen:
2023-03-11 14:38:32 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=chxlo7kbr325tnyb4jaxvyg4rtdtw5hgkms6f3tpg4ohyf3tpk2q._file
Verdict:
malicious
Similar samples:
0dfc6c7df7c32bb5212def47800d68f6f3168f284489fffb02b723da2d284c39
AgentTesla
13e85a56084b5afcf6030fbaee89e2c49b5616eb8f7f5da934f11547b2df2d10
AgentTesla
3b185f9e2349e436272277d50a22df609a8253d0fafb2c53ea003083b2196689
AgentTesla
577a6f8ac673a1b176fd32c9b8fe01178fee10a2602e3ccbc02b3fdebfa9bf0b
AgentTesla
67388fca813133367167001c4114d6cd97b4bed24d0acdfda8b5784723a698ea
AgentTesla
88d0963292143c5ba31261b14fa12f59edcd78df1bea35281e8cf080aa1460c0
AgentTesla
91ac5e95c271f56efcf7f8c2f1ce27579242a2cdca317fd11bf7ff380c9750ed
AgentTesla
a0bf8575052b720932ab96605b4622a07453b1ace7cd73a8f262ca3e7fa7317a
AgentTesla
bcba671f1e3e1f7ab80f59d5c1cb280bfec3ca519b37820af0bb720fb5d7a8b9
AgentTesla
d46b71aebfacfb2ca951e24d2fd60487c2ef99958909fb8aabefc4c1172b8f7c
AgentTesla
+ 1'163 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/230312-xnnq6afa38/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
AgentTesla
Unpacked files
SH256 hash:
11eeb77d418ef5d9b701e2417ae0dc8cc73b74e65325e2ee6f371c7c17737ab5
MD5 hash:
d0bcb155d0c3facda30a15e436be747d
SHA1 hash:
8fffec2d9cd06d92cccaee64444c1068c43ee168
Link:
https://www.unpac.me/results/615927c3-4b7f-4cdd-8d0d-3e60d8d13bca/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/11eeb77d418ef5d9b701e2417ae0dc8cc73b74e65325e2ee6f371c7c17737ab5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/373769/

Comments