MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14fcbebcc9d8c68ee30c888473ddb5fb08d4f0026b506c66668acb8c49ff0146. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14fcbebcc9d8c68ee30c888473ddb5fb08d4f0026b506c66668acb8c49ff0146
SHA3-384 hash: d27cfc70f814dd2aaaab3cb4525fbaf77c2831dc990dfcb64e16d108060d011461c77b7ff477822d6483d2556da87b85
SHA1 hash: 9f42d4cb3fbab8df3af3142488823b485501c4fa
MD5 hash: 5ca7849e5cf627ad3d601731b6a3896c
humanhash: princess-alaska-carbon-harry
File name:5ca7849e5cf627ad3d601731b6a3896c.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:751'616 bytes
First seen:2020-09-26 07:44:51 UTC
Last seen:2020-09-26 08:39:47 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 12288:4sGilfIfJkrWEm0Zux8Y8nMdHWis/UGgg7ax03/hghqFBODNs:4sGcf3o0Q6NnaHW7UVY/q5Zs
Threatray 233 similar samples on MalwareBazaar
TLSH EAF4F1267A58AF4AE17D637DD021290543F0E41BE312EA4BFCFA09CF5116F92867364B
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/66033/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.435.10715.28820.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/475752
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Found malware configuration
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/14fcbebcc9d8c68ee30c888473ddb5fb08d4f0026b506c66668acb8c49ff0146/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-09-23 01:54:59 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ct6l5pgj3ddi5yymrcchhxnv7menj4acnnigyztgrlfyysp7afda._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0c121b8b0d5cb95df98ef017aee09a33d858d96b3d849c30c8735384c89a22c4
AgentTesla
18a2826ae0c8ce3e76a5cb806e89d0070f70cc372cf37468721b8caf8529f401
AgentTesla
51c6d5ac53034179bcbec97268efdd665f30692376284fed57bb257f42fe17c8
AgentTesla
529a07889f04d93d54830021a424321fd763b41fe8b8941de3ea1c79eae21532
AgentTesla
778999d611a2a22f82d48b71e94588b86336376e30b07cb1c3f2230959cc10ab
AgentTesla
bc2e03ca292da305602c8755453fa87073810a6359f2ec9a0935fe3bb51ef886
AgentTesla
c01acd7c0f1362bc8c9592e676a8293947fe9d2973b02a0722ece823fe3c640b
AgentTesla
cf22a4ba35e94ec83bdf1aec7b4422009aa33f7c6a2c707513d7b1a9eafb368c
AgentTesla
d325caa897cf6cbf6bbc4f627e39d2376d9f6a3a37c17f91d670aec577d01ea0
AgentTesla
dc17f58054bc14cd28845998cad76324467d4a028a063dbd3846b2de0df5c89c
AgentTesla
+ 223 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/200926-sxccn3ay6x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
14fcbebcc9d8c68ee30c888473ddb5fb08d4f0026b506c66668acb8c49ff0146
MD5 hash:
5ca7849e5cf627ad3d601731b6a3896c
SHA1 hash:
9f42d4cb3fbab8df3af3142488823b485501c4fa
Link:
https://www.unpac.me/results/0448fb1c-a8a1-453f-b806-f0ff53ab477e/
SH256 hash:
862f939c77db3acb1983bc830e0af917301207cb3520f395e5a6f065c83023ff
MD5 hash:
099a7fd347a7ee39301ed14db9e7f63c
SHA1 hash:
0566b4feae85963ad96cefbf5092ff72a687f9f1
Link:
https://www.unpac.me/results/0448fb1c-a8a1-453f-b806-f0ff53ab477e/
SH256 hash:
35fed4e8b2de8cea593e3c0ed2415009c133a53385dc2385fb69e0cc9d73d591
MD5 hash:
463f14d96fdd493a1fe749d6d9f2ee53
SHA1 hash:
2c249e1d9e671e0c422d0f22ccfaf3c6dc7fd9c9
Link:
https://www.unpac.me/results/0448fb1c-a8a1-453f-b806-f0ff53ab477e/
SH256 hash:
cfc7e65cacd169f68af241376154d63bc35e5558fb2c1e8c57495592e27b493e
MD5 hash:
c9c4206e737be31e4861fa05e59a4e14
SHA1 hash:
83d1e7928abd7903ba45c3c5f994dddc6dc3b3b8
Link:
https://www.unpac.me/results/0448fb1c-a8a1-453f-b806-f0ff53ab477e/
SH256 hash:
785261875049471f6432827571071af39fdb06ec0a223224c12792201a9f66e5
MD5 hash:
e41b095949e16c551511c80acfc18ac2
SHA1 hash:
c1c9299481d8604297151f48ac8c790c9e920504
Link:
https://www.unpac.me/results/0448fb1c-a8a1-453f-b806-f0ff53ab477e/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 14fcbebcc9d8c68ee30c888473ddb5fb08d4f0026b506c66668acb8c49ff0146

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/66033/
  
URLhaus
https://urlhaus.abuse.ch/url/603843/
  
Delivery method
Distributed via web download

Comments