MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17b6d35568ec53d10a6ba756f74deba911d254fa7f435dcb79109fd0c04d5df7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 17b6d35568ec53d10a6ba756f74deba911d254fa7f435dcb79109fd0c04d5df7
SHA3-384 hash: 9c2a7b331073e2d81d6a6f6adf37e2741711232a8add5f5063056cc3116baed212fa80f04422451d773188b596513e0e
SHA1 hash: 648430d49679bf5f90c52670261217165cb22286
MD5 hash: 0e246d7813b9ea04cac28802062a3ddd
humanhash: carolina-item-sink-alabama
File name:SecuriteInfo.com.Trojan.PWS.StealerNET.67.29498.2792
Download: download sample
Signature AgentTesla
Create hunting rule
File size:94'720 bytes
First seen:2020-11-20 13:01:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 768:tfsY8r3551q/ctnbKZWoSGr3Zs8Cid5/Q9uzURsEodmAB3u61OI7pCsiknAVQwwN:lsYsxOZWoZ7C45Li+Bec5QsxnAV8Ocj
Threatray 10 similar samples on MalwareBazaar
TLSH D1937150DA97FC03F46E0AF708EDD23417216B5BA301C24617F1AA6B7A566634AC3E73
Reporter SecuriteInfoCom
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Reading critical registry keys
Sending a UDP request
DNS request
Sending an HTTP GET request
Connection attempt
Sending an HTTP POST request
Creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/544160
Signature
Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/17b6d35568ec53d10a6ba756f74deba911d254fa7f435dcb79109fd0c04d5df7/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 11:01:37 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
10b4bee3772f8668715e2809dfb9b79714e3b1ac594a42f238a9b0e535e1373b
AgentTesla
297a85bb7912f7d8e148c5036d19d32f90c36378dd8116853e9b8b6179a269a3
AgentTesla
309911eeb73e0a28aa50c3e4a51121db47068398b9284432e37e6d2d44c654a4
AgentTesla
518628a52655227136f54842d662c8dfea11f017ac7ef02fd1d87080bbcbc831
AgentTesla
94d1840f932572d12ec6d9017712bcb0f937e40495ea69981b109beb323bb34a
AgentTesla
a6c456dcee9a9c53aeb0360bdb52a682137745ad9ec607fce1199e24cd348ee5
AgentTesla
b4d90bf282a7b8b8f881f38d18afd1d541bbaef226cd7979fd01b3d62cb1ea8b
AgentTesla
c0fb3989dccc0e8aa3c3b0e95a8b6cc3982c41c80930998efc1ac26613b0153e
AgentTesla
eb6472cb9139a37375c07bcf4e2e9b4744118d7b497f4858755a166468fb2574
AgentTesla
fa5ab5a2f18b43c52d2d150c80700dd9a0abfed9cfbba7261956b690f1595bfe
AgentTesla
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer
Link:
https://tria.ge/reports/201120-brb88gy6sj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Looks up external IP address via web service
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
17b6d35568ec53d10a6ba756f74deba911d254fa7f435dcb79109fd0c04d5df7
MD5 hash:
0e246d7813b9ea04cac28802062a3ddd
SHA1 hash:
648430d49679bf5f90c52670261217165cb22286
Link:
https://www.unpac.me/results/742eb316-ff28-42c0-8e7f-74ba1fc75048/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
MassLogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/17b6d35568ec53d10a6ba756f74deba911d254fa7f435dcb79109fd0c04d5df7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Quasar_RAT_1
Create hunting rule
Author:Florian Roth
Description:Detects Quasar RAT
Reference:https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 17b6d35568ec53d10a6ba756f74deba911d254fa7f435dcb79109fd0c04d5df7

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/836287/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/836440/

Comments