MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a86f37c4830102f274d8d26e167412e5f0d8e82d66008d63066e1c48e285e38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1a86f37c4830102f274d8d26e167412e5f0d8e82d66008d63066e1c48e285e38
SHA3-384 hash: 61f1254013ab5d3d6fedc69bc59a2daf65475f78040c75596efb1a2740f377f27e33386a4178797f3e23911c880b2b95
SHA1 hash: 6b0650fd532532d5206768d86c3529e550641adf
MD5 hash: 5ed5b94897d82472b563b234a98d6fe9
humanhash: glucose-cola-early-princess
File name:5ed5b94897d82472b563b234a98d6fe9.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:948'736 bytes
First seen:2021-02-18 15:56:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:KKPFKLriziS1NtoqrrTO8Xz5s0N0Y1DvBXgic1+yuAf:Ei/tPvTZXz4Y17l/cn
Threatray 7 similar samples on MalwareBazaar
TLSH AB15F17223D86F86E53DC7749E21100093F1BA5ECB66F68E3FE450DE2924F444AA6B17
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
151
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
feb 17 processing .xlsx
Verdict:
Malicious activity
Analysis date:
2021-02-18 14:15:03 UTC
Tags:
encrypted exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/6f9ce174-6e61-4ab7-ba30-8f4fb2fbd0a1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/117834/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.545.17179.14632.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/611818
Signature
.NET source code contains potential unpacker
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 354921 Sample: IH34iNKRd4.exe Startdate: 18/02/2021 Architecture: WINDOWS Score: 76 19 Multi AV Scanner detection for submitted file 2->19 21 Yara detected AgentTesla 2->21 23 Yara detected AntiVM_3 2->23 25 3 other signatures 2->25 6 IH34iNKRd4.exe 3 2->6         started        process3 file4 17 C:\Users\user\AppData\...\IH34iNKRd4.exe.log, ASCII 6->17 dropped 9 IH34iNKRd4.exe 6->9         started        11 IH34iNKRd4.exe 6->11         started        13 IH34iNKRd4.exe 6->13         started        15 2 other processes 6->15 process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1a86f37c4830102f274d8d26e167412e5f0d8e82d66008d63066e1c48e285e38/
Threat name:
ByteCode-MSIL.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2021-02-18 14:03:45 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dkdpg7cigaic6j2nrutocz2bfzpq3duc2zqarvrqm3q4jdrily4a._file
Verdict:
unknown
Similar samples:
0c10d7fbab534bfee1ca3408fa01a956c99ae6c52d565bbb584c486eff2eaa2c
AgentTesla
190125119b36f51385b347e64c4a679c67b0ae754a6032f04f2f9988cce6f6e0
AgentTesla
4328e4ac330339d884b95d99128404d4f8b5d6b695a9f583ff4c3f3a61ac4ff8
AgentTesla
4923efabccafed3267ca2ebcbca5a233aa67997f6f47dc279f97917b0fecd248
AgentTesla
75a02ca03fa09ee68ee93a059aa86f14d66276985514c4b3597f9f62a36708b1
AgentTesla
c717b4f3c2f893a8f09d76e534da3febfc671eac69b807670bedfc78adcb86c2
AgentTesla
d509c4f1ddd6e950b6dd0937275519234c856d7b75e16c6d3a9d1ac2434da345
AgentTesla
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210218-qh5krwfv7j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
b2f91d1427c7b60a3ad485bed04ba75636560783c9265a8f26542d5f6aa5d8a9
MD5 hash:
5ad6dc03137fc80e4e691f4b409d9120
SHA1 hash:
edb38e49ce79ecce33ce9a891df56468c3a4016e
Link:
https://www.unpac.me/results/68f31922-4b49-4275-adad-722e347e3dfa/
SH256 hash:
1a86f37c4830102f274d8d26e167412e5f0d8e82d66008d63066e1c48e285e38
MD5 hash:
5ed5b94897d82472b563b234a98d6fe9
SHA1 hash:
6b0650fd532532d5206768d86c3529e550641adf
Link:
https://www.unpac.me/results/68f31922-4b49-4275-adad-722e347e3dfa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1a86f37c4830102f274d8d26e167412e5f0d8e82d66008d63066e1c48e285e38

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 1a86f37c4830102f274d8d26e167412e5f0d8e82d66008d63066e1c48e285e38

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1017034/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/117834/

Comments