MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15d52fd28534185ea7113b9006d708baee62a09f9544e69989166398328364fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: 15d52fd28534185ea7113b9006d708baee62a09f9544e69989166398328364fa
SHA3-384 hash: faa23ac28c3a6e0092016d520ae4ff5aca310c8cd61e2f5de09e9603fefa652ffe638bbcfd6acd3a47a2f330d31dc552
SHA1 hash: 0843ab5c8193dfebb5726362c033e75172badfc5
MD5 hash: 01079b8bc1cfe0bb7b70be76c4d407ff
humanhash: skylark-low-butter-football
File name: Vessels Type.exe
Download: download sample
Signature: AgentTesla
File size: 160'016 bytes
First seen: 2020-10-14 14:59:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 768:gQklBXdr0Kc0jn9idCGhoykjBOBHgw0FlD3i3PrAtUf2h3:Ix0KolZymHgPFlD3i3PrAtUfA
Threatray: 542 similar samples on MalwareBazaar
TLSH: ACF3FF04F62FDE10D1F167B297B7E1A257F02C17A533C3E6AEEA7BA5607010B1602B16
Reporter: abuse_ch
Tags: AgentTesla exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a process with a hidden window

Result
Threat name: Unknown
Detection: suspicious
Classification: troj
Score: 26 / 100
Signature
Connects to a pastebin service (likely for C&C)
Behaviour
Behavior Graph (ID 298052): sample Vessels Type.exe, start date 14/10/2020, architecture WINDOWS, score 26
Signature node: Connects to a pastebin service (likely for C&C)
Process tree: Vessels Type.exe -> timeout.exe -> conhost.exe
Network: hastebin.com, 104.24.127.89, ports 443 / 49743, CLOUDFLARENETUS, United States
Threat name: ByteCode-MSIL.Trojan.Injuke
Status: Malicious
First seen: 2020-10-13 19:51:35 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Unpacked files
SHA256 hash: 15d52fd28534185ea7113b9006d708baee62a09f9544e69989166398328364fa
MD5 hash: 01079b8bc1cfe0bb7b70be76c4d407ff
SHA1 hash: 0843ab5c8193dfebb5726362c033e75172badfc5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Comments