MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a440b94a68e98bea79401ae8aed0c35b86f9f713803f45431ff587edcf5bac8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	1a440b94a68e98bea79401ae8aed0c35b86f9f713803f45431ff587edcf5bac8
SHA3-384 hash:	c1728f323f4e01a31d23a5cb99a4caaaea50fb212574de5fa9246de6ba4f05e7c2b8a7c6b0d2021b4fb2323a4ac3fd66
SHA1 hash:	803ed6941c4f6cd7c6e61ac2aa772ad53bc9a54a
MD5 hash:	08a928481a037e7eb89fb27d251983b0
humanhash:	south-seven-ohio-princess
File name:	jabvet.vbs
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	479'346 bytes
First seen:	2023-06-28 17:52:34 UTC
Last seen:	Never
File type:	vbs
MIME type:	text/plain
ssdeep	12288:bCOTh3v+Yjjjjj6jjjjjqjjjjjCjjjjj1:Zt323
Threatray	4'234 similar samples on MalwareBazaar
TLSH	T124A49A411E9F5008A663BE9F47EE74EA8F3B76351A39C569014E450B0BEBED1B850F32
TrID	66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1) 33.3% (.MP3) MP3 audio (1000/1)
Reporter	malwarelabnet
Tags:	AgentTesla vbs

Intelligence

File Origin

# of uploads :

# of downloads :

150

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/403616/

Detection(s):

SecuriteInfo.com.Script.SNH-gen.9578.26877.UNOFFICIAL

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

lolbin pubprn

Link:

https://www.filescan.io/uploads/649c737e2aeaabaa7b7789c0/reports/c3eaea7c-ec39-4b89-8431-99bf567b9e85/overview

Verdict:

Suspicious

Labled as:

VBS/Agent.BBN

Link:

https://www.hybrid-analysis.com/sample/1a440b94a68e98bea79401ae8aed0c35b86f9f713803f45431ff587edcf5bac8

Result

Verdict:

UNKNOWN

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1262878

Signature

Antivirus detection for URL or domain

Found malware configuration

Found suspicious powershell code related to unpacking or dynamic code loading

Injects a PE file into a foreign processes

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Suspicious powershell command line found

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

VBScript performs obfuscated calls to suspicious functions

Very long command line found

Writes to foreign memory regions

Wscript starts Powershell (via cmd or directly)

Yara detected AgentTesla

Yara detected Generic Downloader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1a440b94a68e98bea79401ae8aed0c35b86f9f713803f45431ff587edcf5bac8/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=djcaxffgr2ml5j4uagxiv3imgw4g7h3rhab7ivbr75mh5xhvxlea._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

282472e5ce51674338ee76271b47826134eec156881b186646dda5a6ecd16433

AgentTesla

2eb12d18200b79353510751ef2f4fa4ef70ec48beeaab08bc16d75bacdb90463

AgentTesla

3b6936f2021bc0c7e777572f7b3d6d07cade8364d0e0c184b64772ff33093c05

AgentTesla

44e5d64cb7530cb3bf9c086a5f1cb7aa7c8a0cd61f08a316b08a95e9d629d853

AgentTesla

516b951cc8f8510145ee20df40652adf83b989c909773a2b0ad0c6123f388854

AgentTesla

590a2ffe3a7d94ea6f13f48c39affc97790afcad1d1f750144e6319ace0c42a9

AgentTesla

abe25695b67fcf9e07c535f4f8664a2828fbef735821337603a451475b7976da

AgentTesla

b01cb5bcdee9a635e42e6bec14d6cd09cc24749ab76c8e23d8a52185d9267897

AgentTesla

d864eb91e31dd606af3abb05b6fdb761d743369f228c725e49a1037736fcfb32

AgentTesla

+ 4'224 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla collection keylogger spyware stealer trojan

Link:

https://tria.ge/reports/230628-wgaehsbd9s/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Enumerates physical storage devices

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Checks computer location settings

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Blocklisted process makes network request

AgentTesla

Malware family:

AgentTesla

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/1a440b94a68e/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AgentTesla

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/1a440b94a68e98bea79401ae8aed0c35b86f9f713803f45431ff587edcf5bac8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/403616/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample