MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad
SHA3-384 hash: 25e7db08903948a78198b496e9dc7b785b4016cc267ad16e00edf2f24726d079b747ea9ef37808124c610003a1a5387d
SHA1 hash: ec76b2f995f60f6c17ceee18a1cda4ff289bf96a
MD5 hash: 0d3e8be0c416afaf2e91728f83b2953b
humanhash: tennis-oven-twenty-friend
File name:0d3e8be0c416afaf2e91728f83b2953b
Download: download sample
Signature AgentTesla
Create hunting rule
File size:896'000 bytes
First seen:2023-12-14 14:24:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:ofAZfcahsQmDWOs7B0oLtBNvXVN9iArxl569nsUmoOf5/lx/cAN2KLFUziYavcCp:oJ1s7SgXNvX1mnV8fD3wSCzincCrTZ
Threatray 3'855 similar samples on MalwareBazaar
TLSH T1B515E00472B85F9AE0BB57F99590212083B3F546B87EF7594EC160DB0EA6F204E47B1B
TrID 69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.0% (.EXE) Win64 Executable (generic) (10523/12/4)
6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Reporter zbetcheckin
Tags:32 AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
314
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
AgentTesla
Create hunting rule
Link:
https://www.capesandbox.com/analysis/467479/
Detection(s):
SecuriteInfo.com.Win32.TrojanX-gen.11122.25593.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Sending a custom TCP request
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Using the Windows Management Instrumentation requests
Reading critical registry keys
Stealing user critical data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/657b10448b5ba47db2e273f9/reports/74c84f25-91e0-442f-ab65-0b9999563e83/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f803b299-811c-4b28-9a12-e84e9dd181d0
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1362180
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-12-14 14:25:06 UTC
File Type:
PE (.Net Exe)
Extracted files:
17
AV detection:
17 of 23 (73.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=culg7oo2jlaftkp3r53wuze6soi6thph2kw3elfuncackt6kagwq._file
Verdict:
malicious
Label(s):
agenttesla_v4
Create hunting rule
agenttesla
Create hunting rule
Similar samples:
15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad
AgentTesla
48ef496367a300605f93d8d5f650a7a9a9e333c6acae2770efd78181bdd293aa
AgentTesla
4a699a693c63228aebd3e0bc98d92fe2d8bb7ae487992e81cfee767f0b9ed1bf
AgentTesla
63ed0ac5ef8a514cfe2d1dbb716ab354a07b770c62826978ba2a012905bcde9d
AgentTesla
89bc9fdb7d1d93a49c7cf3ccfff8ec5c174a44dd580e63e3cb47de448e9daefc
AgentTesla
c19e44f612b1b11dacfbed23b9de1b2af9035fe080438615d8f38f2ed079e93c
AgentTesla
cd71376c12e5a0c3fdd2ea32556623ef987eaa4330d88547996bb29c444cafa6
AgentTesla
e2f7fb5aad34116772b8667f4b40002ad59a5f81516b66c1ce9c5874f089ce6d
AgentTesla
fe3e332e92b8a7b5cdb04b878d350ae200d3310267ab8e9ea5cef6651f94dbe8
AgentTesla
+ 3'845 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/231214-rq95aaecdl/
Unpacked files
SH256 hash:
fda47fd1db64c284c5fe8154d14f1c880c689988a6a6cfabef34ed98c0647e38
MD5 hash:
70f2374139c553e8c7ebe9c3a9b43654
SHA1 hash:
fffc8a43cf276650cfc7e4aae70fe580df968724
Link:
https://www.unpac.me/results/f21573e6-9d1c-4d53-b9e6-f48833bde883/
SH256 hash:
c5328f7af843244b56d6a208c322a9315daea139d1b255cda993b243e4394ecf
MD5 hash:
160f4669c06c6496d79a92ea9d33e89b
SHA1 hash:
baae226fdb2a9739f118db781bdc74f2efc6a585
Link:
https://www.unpac.me/results/f21573e6-9d1c-4d53-b9e6-f48833bde883/
SH256 hash:
25b01b18b3087ad4bff160cf1c4e57159eba2fc86364eaaf303c88312dfa00d1
MD5 hash:
a4d3a2a7a7a67f335bbe0ea3d760bb7c
SHA1 hash:
8f5954fb483a8139681ac0519b2942513f0e50ee
Detections:
AgentTesla
Create hunting rule
win_agent_tesla_bytecodes_sep_2023
Create hunting rule
INDICATOR_EXE_Packed_GEN01
Create hunting rule
Link:
https://www.unpac.me/results/f21573e6-9d1c-4d53-b9e6-f48833bde883/
Parent samples :
15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad
f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa
SH256 hash:
9ba523da9c7463d751b6359e4118bef43cbd70a0876305553724f5101f9d50f6
MD5 hash:
77beca6d3219f9d136da8ff5083d2a62
SHA1 hash:
4bbdb0a90e52a77628e807cd765476aa680650b0
Link:
https://www.unpac.me/results/f21573e6-9d1c-4d53-b9e6-f48833bde883/
SH256 hash:
15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad
MD5 hash:
0d3e8be0c416afaf2e91728f83b2953b
SHA1 hash:
ec76b2f995f60f6c17ceee18a1cda4ff289bf96a
Link:
https://www.unpac.me/results/f21573e6-9d1c-4d53-b9e6-f48833bde883/
Malware family:
AgentTesla.v4
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/15166fb9da4a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/467479/
  
URLhaus
https://urlhaus.abuse.ch/url/2740556/

Comments


Avatar
zbet commented on 2023-12-14 14:24:13 UTC

url : hxxp://sagheur.top/neuvo/nigown.exe