MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d33d9f8bccc11aacad8a24e7342d8dea181854df3258cff47020b23a0a754aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 10

SHA256 hash: 1d33d9f8bccc11aacad8a24e7342d8dea181854df3258cff47020b23a0a754aa
SHA3-384 hash: e2b56d0ea51562012334a2e9db8b75165a90f30e4043b292425d2c7c8fd07fd1d591b6ce2316501a6ab200754a6bd75a
SHA1 hash: 308d43fcccacbcba900bab7e693baa3405275b24
MD5 hash: a50f0eff3a5526342c9b086546deb2c5
humanhash: shade-sixteen-fourteen-mountain
File name: a50f0eff3a5526342c9b086546deb2c5.exe
Signature: AgentTesla
File size: 742'400 bytes
First seen: 2020-12-22 12:24:20 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 25df29f5f4fbc6abd76bc0c23b905dc7 (1 x AgentTesla)
ssdeep: 12288:A1BBzGfMfLJuMvgLuB7v3NjyUL25t6756MMy8ykMmXRd33MvaqYLdldp1Uk:A/BzGILJuMvgLs7PNFL25Py3yMcdldpe
Threatray: 80 similar samples on MalwareBazaar
TLSH: 74F48EB0F481257AC0A3343C2324F27391AFA4B19F28865F17C62D6A5D79D92C67AF53
Reporter: abuse_ch
Tags: AgentTesla exe
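Before a downloaded copy of this sample is handed to a sandbox or used to build detections, it is worth confirming that the bytes on disk are really the file this entry describes. The script below is an added example written for this page, not MalwareBazaar or abuse.ch tooling: it recomputes the MD5, SHA1, SHA256 and SHA3-384 digests listed above, compares them (plus the recorded size and the MZ header that the "Executable exe" / application/x-dosexec classification rests on) against the record, and first sanity-checks that the copied digests are well formed, since a truncated hash pasted into a blocklist silently matches nothing. The digest values are copied from the entry; the sample bytes in the demo are constructed and deliberately do not match.

```python
import hashlib

# Values copied from the MalwareBazaar entry above (file size 742'400 bytes).
RECORD = {
    "md5": "a50f0eff3a5526342c9b086546deb2c5",
    "sha1": "308d43fcccacbcba900bab7e693baa3405275b24",
    "sha256": "1d33d9f8bccc11aacad8a24e7342d8dea181854df3258cff47020b23a0a754aa",
    "sha3_384": "e2b56d0ea51562012334a2e9db8b75165a90f30e4043b292425d2c7c8fd07fd1d591b6ce2316501a6ab200754a6bd75a",
    "file_size": 742400,
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha3_384")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha3_384": 96}


def record_is_well_formed(record: dict) -> bool:
    """Catch truncated or mis-copied digests before they are used as IOCs."""
    for name in HASH_ALGOS:
        value = record.get(name, "")
        if len(value) != HEX_LEN[name]:
            return False
        try:
            int(value, 16)
        except ValueError:
            return False
    return isinstance(record.get("file_size"), int) and record["file_size"] > 0


def _fingerprint_chunks(chunks) -> dict:
    """Hash a stream of byte chunks once, feeding every digest in parallel."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    size = 0
    magic = b""
    for chunk in chunks:
        if size == 0:
            magic = chunk[:2]
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    fp = {name: h.hexdigest() for name, h in hashers.items()}
    fp["file_size"] = size
    # "MZ" is the DOS header magic every PE file starts with; it is the basis
    # of the "Executable exe" / application/x-dosexec label in the entry.
    fp["is_pe"] = magic == b"MZ"
    return fp


def fingerprint(data: bytes) -> dict:
    return _fingerprint_chunks([data])


def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Streaming variant for real samples, so large files are not read at once."""
    with open(path, "rb") as fh:
        return _fingerprint_chunks(iter(lambda: fh.read(chunk_size), b""))


def verify_sample(fp: dict, record: dict = RECORD) -> dict:
    """Field-by-field comparison; anything short of all-True means a different file."""
    checks = {name: fp[name] == record[name].lower() for name in HASH_ALGOS}
    checks["file_size"] = fp["file_size"] == record["file_size"]
    checks["is_pe"] = fp["is_pe"]
    return checks


def is_exact_match(fp: dict, record: dict = RECORD) -> bool:
    return all(verify_sample(fp, record).values())


if __name__ == "__main__":
    # Constructed stand-in for a downloaded file: correct size and MZ magic,
    # wrong content. Every digest check must fail although size and type pass.
    fake = b"MZ" + b"\x00" * (RECORD["file_size"] - 2)
    fp = fingerprint(fake)
    print("record well formed:", record_is_well_formed(RECORD))
    for field, ok in verify_sample(fp).items():
        print(f"{field:10} {'match' if ok else 'MISMATCH'}")
    print("exact match:", is_exact_match(fp))
```

For a real download, extract the sample from the password-protected archive MalwareBazaar serves (the password is "infected") inside an isolated analysis VM and pass the extracted path to fingerprint_file; a size or MZ match with digest mismatches is the signature of a re-packed or truncated copy, not of the file in this record.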

Intelligence

File Origin
# of uploads: 1
# of downloads: 287
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: a50f0eff3a5526342c9b086546deb2c5.exe
Verdict: Suspicious activity
Analysis date: 2020-12-22 12:36:21 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Behaviour:
Sending a UDP request
Connection attempt

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: RedLine
Detection: malicious
Classification: troj.spyw.evad
Score: 68 / 100
Signature:
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Yara detected RedLine Stealer
Behaviour: behavior graph (image not reproduced)

Result
Threat name: Win32.Packed.Generic
Status: Suspicious
First seen: 2020-12-22 12:25:05 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 1/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
AgentTesla Payload
AgentTesla
Unpacked files
SHA256 hash: 1d33d9f8bccc11aacad8a24e7342d8dea181854df3258cff47020b23a0a754aa
MD5 hash: a50f0eff3a5526342c9b086546deb2c5
SHA1 hash: 308d43fcccacbcba900bab7e693baa3405275b24

SHA256 hash: 435e9e52e4ff4ecde13faf5f406ca87fbc8b4982b198136249f007eb28019356
MD5 hash: 1db6e3830f1023781a1bb6d08f09857d
SHA1 hash: eca3f317890bee3255d66f307dfd5d40f4e5a8c8
Detections: win_redline_stealer_g0

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Web download
AgentTesla
Executable exe 1d33d9f8bccc11aacad8a24e7342d8dea181854df3258cff47020b23a0a754aa (this sample)

Delivery method: Distributed via web download