MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fb9f299271fb5953f811971218917cabb4122c8e4cfe0331b8f802877314b8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6
SHA256 hash: 1fb9f299271fb5953f811971218917cabb4122c8e4cfe0331b8f802877314b8f
SHA3-384 hash: 28783285f8f59cb17165da7ef28d0fe0ef7275b725b92ad9bb29ca5e95e40bdebc0997fdbe4bd737ee6edda119cb9ce8
SHA1 hash: e2ef0a344be53d396d690a49e0818abf509e8f65
MD5 hash: fc90ae42243b37f93f37a1e47ae99b12
humanhash: stream-oklahoma-uranus-sad
File name: c7e89a60b49d8effb3817150010b501c
Signature: AgentTesla
File size: 1'047'040 bytes
First seen: 2020-11-17 14:48:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep: 24576:hE+9pos5srII7KNtlRF3GyOlEXco7RywygGhYN:Kepoo0IWktlHdOlKf1yDgGh
Threatray: 194 similar samples on MalwareBazaar
TLSH: 2B25E00A2BD00A1BD5BF177AE0345244937CE956D39BFB9B2959A0FC08E33688D057B7
Reporter: seifreed
Tags: AgentTesla

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Launching a process
Creating a file
Using the Windows Management Instrumentation requests
Creating a file in the %AppData% subdirectories
Forced shutdown of a system process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Changing the hosts file
Threat name: ByteCode-MSIL.Trojan.Tnega
Status: Malicious
First seen: 2020-11-17 14:51:18 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Drops file in Drivers directory
AgentTesla
Unpacked files
SHA256 hash: 1fb9f299271fb5953f811971218917cabb4122c8e4cfe0331b8f802877314b8f
MD5 hash: fc90ae42243b37f93f37a1e47ae99b12
SHA1 hash: e2ef0a344be53d396d690a49e0818abf509e8f65
SHA256 hash: 5cc09de4632dd014a2f4ce7c13fd79fbde56c8f03ee8b92a8278d3c412d3ba5d
MD5 hash: ae90567128714a539e8af924db216a9f
SHA1 hash: 1e17be661c410bbd2318c8e6db3cc3291cebca39
SHA256 hash: 8f60ffbfad80bfde6d797e987006a050c2b0186f17b734270d9ccb521c3fbce7
MD5 hash: aa677bb7302682d6f22c2f72e3570fcd
SHA1 hash: 4763e129acf43bc9e83f664d332024cf2b8bc2dc
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE
Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekshen
Description: AgentTeslaV3 infostealer payload
Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments