MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13b7466c7a14443b730d635559302d0baa822e5c0bbe1ce4ec6cd9e1ea9d317c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 13b7466c7a14443b730d635559302d0baa822e5c0bbe1ce4ec6cd9e1ea9d317c
SHA3-384 hash: 6a52bf0483d57a05dc93eccf54c9f27ffd1b8eff0d302b25bf9d435c66f93f28f7deee37ba6458be1ea62b524a7e0692
SHA1 hash: 431f49a3af89eef2f8fc45002491b626523b312b
MD5 hash: 89ebe827b46d7e08adb6aa47e3761fed
humanhash: november-april-blossom-mango
File name:89ebe827b46d7e08adb6aa47e3761fed
Download: download sample
Signature AgentTesla
Create hunting rule
File size:503'296 bytes
First seen:2023-12-19 04:36:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 12288:eaH2iNT0oLtjMvbF4y+D3wfGauc250jX+LCz7:ey1agajF4dDDcE0jX9
Threatray 325 similar samples on MalwareBazaar
TLSH T1C3B40224337DEF77D97A47F60921200443B1297AA663F7885DC271DA29B6F00AB51F27
TrID 63.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
11.2% (.SCR) Windows screen saver (13097/50/3)
9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
304
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
financeXcopy.doc
Verdict:
Malicious activity
Analysis date:
2023-12-18 17:34:55 UTC
Tags:
loader exploit cve-2017-11882
Link:
https://app.any.run/tasks/f50ba27a-581d-412a-88bc-bb03a7906f6a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/468388/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Searching for synchronization primitives
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/65811db4eabaed0701716146/reports/cc5384f1-d0c3-49d5-858e-64b0f001ecf8/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/13b7466c7a14443b730d635559302d0baa822e5c0bbe1ce4ec6cd9e1ea9d317c
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3d7aac64-e501-49e6-9783-960e9b6f5961
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1364307
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1364307 Sample: L3H3UoEiGf.exe Startdate: 19/12/2023 Architecture: WINDOWS Score: 76 14 Antivirus detection for URL or domain 2->14 16 Multi AV Scanner detection for submitted file 2->16 18 Yara detected AntiVM3 2->18 20 2 other signatures 2->20 7 L3H3UoEiGf.exe 3 2->7         started        process3 signatures4 22 Injects a PE file into a foreign processes 7->22 10 L3H3UoEiGf.exe 7->10         started        process5 process6 12 WerFault.exe 21 16 10->12         started       
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/13b7466c7a14443b730d635559302d0baa822e5c0bbe1ce4ec6cd9e1ea9d317c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/13b7466c7a14443b730d635559302d0baa822e5c0bbe1ce4ec6cd9e1ea9d317c/
Threat name:
ByteCode-MSIL.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2023-12-15 17:23:14 UTC
File Type:
PE (.Net Exe)
Extracted files:
15
AV detection:
19 of 23 (82.61%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=co3um3d2crcdw4ynmnkvsmbnboviels4bo7bzzhmntm6d2u5gf6a._file
Verdict:
malicious
Label(s):
agenttesla_v4
Create hunting rule
Similar samples:
246dffa57c6a16da3637457c2b4842f4d94910419be364546cb56d14b0973c9a
AgentTesla
a1f0549c87d8f85082139d291768119dd287b04eede4786516579901bfc261cf
AgentTesla
a50c08375ddd2954e1f0082afddecbe511c8cd55111471b34d9820f2874cdf04
AgentTesla
ab4bf405f7974a896d2908640ee1e09281035911ea6760076d2cc1271afc3869
AgentTesla
f3822be58e564a1b2a398a19230c9c883db834f2728123af346eb7e74c3a86c7
AgentTesla
fabea9a712e2a0ecb7c652950ff743c8d3c937fb3e24ad6c286f2c5cf6c00a45
AgentTesla
+ 315 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/231219-e8ae6aged2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
62e0f0dc6dd3249877cf99d1bd22daa99b40be810cb1ed1bc7430baf2b23e82c
MD5 hash:
c19892be68b83e3ec92a120b285b71eb
SHA1 hash:
fde4155bde9cf9d06cf3b9daf7ec2c251d92439f
Link:
https://www.unpac.me/results/69e8b671-1e90-4a55-8023-07f4103f282a/
SH256 hash:
d01f3dea3851602ba5a0586c60430d286adf6fcc7e17aab080601a66630606e5
MD5 hash:
579197d4f760148a9482d1ebde113259
SHA1 hash:
cf6924eb360c7e5a117323bebcb6ee02d2aec86d
Link:
https://www.unpac.me/results/69e8b671-1e90-4a55-8023-07f4103f282a/
SH256 hash:
c5328f7af843244b56d6a208c322a9315daea139d1b255cda993b243e4394ecf
MD5 hash:
160f4669c06c6496d79a92ea9d33e89b
SHA1 hash:
baae226fdb2a9739f118db781bdc74f2efc6a585
Link:
https://www.unpac.me/results/69e8b671-1e90-4a55-8023-07f4103f282a/
SH256 hash:
5d1e1615d38a40f7b6dac9820ea8dfd2d95df4f5fcbfc9764671f160b2ae0767
MD5 hash:
15b6f440537d41ae4d17e2b300912dbf
SHA1 hash:
8da12e6210ab9d4c6e1f2e69864ec3f9bb62ebc6
Link:
https://www.unpac.me/results/69e8b671-1e90-4a55-8023-07f4103f282a/
SH256 hash:
13b7466c7a14443b730d635559302d0baa822e5c0bbe1ce4ec6cd9e1ea9d317c
MD5 hash:
89ebe827b46d7e08adb6aa47e3761fed
SHA1 hash:
431f49a3af89eef2f8fc45002491b626523b312b
Link:
https://www.unpac.me/results/69e8b671-1e90-4a55-8023-07f4103f282a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/13b7466c7a14443b730d635559302d0baa822e5c0bbe1ce4ec6cd9e1ea9d317c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 13b7466c7a14443b730d635559302d0baa822e5c0bbe1ce4ec6cd9e1ea9d317c

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2742013/
Cape
Cape
https://www.capesandbox.com/analysis/468388/

Comments


Avatar
zbet commented on 2023-12-19 04:36:03 UTC

url : hxxps://china.dhabigroup.top/_errorpages/spfasiazx.exe