MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14049278eb46d3d290717c69dda895b6df7b76600ecf63993fdfc3c5ab7beed4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 8

Intelligence 8 IOCs YARA 3 File information Comments

SHA256 hash:	14049278eb46d3d290717c69dda895b6df7b76600ecf63993fdfc3c5ab7beed4
SHA3-384 hash:	a41f1f2f3689340ffd8f7a61667934ee14bcad2fbf8465f0ac0ae3ec4022bafaa4afc883846a030fe1928c84b1c7b734
SHA1 hash:	b30f29398557b7ada6b958ac15938a40e8ac2ab8
MD5 hash:	98b1ecb74701c5937d92846b2570d787
humanhash:	green-ohio-michigan-aspen
File name:	14049278eb46d3d290717c69dda895b6df7b76600ecf63993fdfc3c5ab7beed4
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	466'944 bytes
First seen:	2020-11-12 13:54:09 UTC
Last seen:	2024-07-24 11:28:20 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	a5a2707ac96c9f900f2a28bf77396ed2 (3 x AgentTesla)
ssdeep	6144:2v8iOYiyEVhT7TKqyGgGZcfeeK5A98r7Z1JAUuJGTwFQuziwRdh9w:2vzJiyauqyBGS/uA98xfLuJZdhRd
Threatray	6'983 similar samples on MalwareBazaar
TLSH	B1A4125F3F62F7D0D069567C10E2EE5109A2EA6CF0B046BAF953435FE8B6841199F432
Reporter	seifreed
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Generic-6987314-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Unauthorized injection to a recently created process

Using the Windows Management Instrumentation requests

Reading critical registry keys

Stealing user critical data

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/14049278eb46d3d290717c69dda895b6df7b76600ecf63993fdfc3c5ab7beed4/

Threat name:

Win32.Infostealer.PonyStealer

Status:

Malicious

First seen:

2020-11-12 13:55:07 UTC

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cqcje6hli3j5fedrpru53kevw3pxw5tab3hwhgj737b4lk3353ka._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

284f5d7c77eab431e6dd8bdd9e508bbd1e2e3dc467b40f68b834b1a437061061

AgentTesla

34b08faba18f426d3654081913606bb6bf768badbcf85ada8284a90494a241ed

AgentTesla

5482f1f95375aaebcc192fa70c0027d2e6bdbf3a50efefa0a10fbb80b46e74ed

AgentTesla

8a99dac3ae2da7639b0544b3f0b40f4b76ecaacd5c7c089da603bdaed39d14a9

AgentTesla

8ec3dfa660419f2ae1ad9bf98d0281f3c24dbf0b5ea22f6b1fcac34d94c1998a

AgentTesla

a02b8df94da3d8e317f611531e1c1bfe1f7811b497be27cd7613a82d411d653c

AgentTesla

a0a84ef378c8199a1b4511396d185b39d2dca86ffc608144f9d12f61d7d48cfd

AgentTesla

a30738760b8787a51d134470d53a01d3a970869a03e143514fdfa68ab6436fe6

AgentTesla

e0af0be6801a112bc8cf51fc9d1bbef16a56c4d1d9d6c68f15557a21a3e54351

AgentTesla

+ 6'973 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201112-qkv1lfa68j/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

14049278eb46d3d290717c69dda895b6df7b76600ecf63993fdfc3c5ab7beed4

MD5 hash:

98b1ecb74701c5937d92846b2570d787

SHA1 hash:

b30f29398557b7ada6b958ac15938a40e8ac2ab8

Link:

https://www.unpac.me/results/d5366f6c-64ee-4ea1-b48f-56bef180837e/

SH256 hash:

624f82fc69b1ac1a4c15b22687bc77f3fe86c06280d25d54ff939dd2d59542c2

MD5 hash:

e1e00dce5bfc53d1aba1efddcd6c42f9

SHA1 hash:

72eaa0d44352e35d9c05ca09478a1c9ac46cbb84

Detections:

win_agent_tesla_w1

Link:

https://www.unpac.me/results/d5366f6c-64ee-4ea1-b48f-56bef180837e/

SH256 hash:

d55800a825792f55999abdad199dfa54f3184417215a298910f2c12cd9cc31ee

MD5 hash:

bfb160a89f4a607a60464631ed3ed9fd

SHA1 hash:

1c981ef3eea8548a30e8d7bf8d0d61f9224288dd

Link:

https://www.unpac.me/results/d5366f6c-64ee-4ea1-b48f-56bef180837e/

SH256 hash:

55914a5d7b6df397c395c2c9c2e927bf17bd5e738a8b84d5161b5b9a0255922e

MD5 hash:

42305a269dcb198ebdd0a851a99f13b3

SHA1 hash:

7d29553401c399bf42f399cb0f791654015dec49

Link:

https://www.unpac.me/results/d5366f6c-64ee-4ea1-b48f-56bef180837e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Vcrypt

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/14049278eb46d3d290717c69dda895b6df7b76600ecf63993fdfc3c5ab7beed4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	AgentTesla_mod_tough_bin Create hunting rule
Author:	James_inthe_box
Reference:	https://app.any.run/tasks/3b5d409c-978b-4a95-a5f1-399f0216873d/

Rule name:	agent_tesla_2019 Create hunting rule
Author:	jeFF0Falltrades

Rule name:	win_agent_tesla_w1 Create hunting rule
Author:	govcert_ch
Description:	Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample