MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 22a01767b082d5ef80c5f191c653f73fc7d4f9d2742229580fd928a9a867a4df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
AgentTesla
Vendor detections: 16
| SHA256 hash: | 22a01767b082d5ef80c5f191c653f73fc7d4f9d2742229580fd928a9a867a4df |
|---|---|
| SHA3-384 hash: | fe4a882e56a17a5185e8d193cdcdb7077f2a60cfed49c15b2a44bff8dc2a9b3b0b97f6af86b949af1cb9280e20876c68 |
| SHA1 hash: | 3817dd0939b643af8744806f97f62284aeb54b83 |
| MD5 hash: | e3ed377ab14e39f0c07d9b201622e861 |
| humanhash: | wyoming-leopard-carbon-twenty |
| File name: | new shippment.exe |
| Download: | download sample |
| Signature | AgentTesla |
| File size: | 1'086'464 bytes |
| First seen: | 2024-07-01 12:49:46 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger) |
| ssdeep | 24576:UcKCuqwmkOTUIdbvjwhcgnc+TCC1tWY5OUrf5+x6nnjqKoe:QqweUwEf/O8WY5NL5+UjqKoe |
| Threatray | 1'506 similar samples on MalwareBazaar |
| TLSH | T1A035E05B354487ACCF6E17F61603444023A9DEBFA204D31E6FC833E399D6B965912B2B |
| TrID | 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10523/12/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9) |
| File icon (PE): |  |
| dhash icon | f2909696969ef66e (42 x AgentTesla, 42 x SnakeKeylogger, 13 x Formbook) |
| Reporter |  adrian__luca |
| Tags: | AgentTesla exe |
Intelligence
File Origin
# of uploads :
1
# of downloads :
351
Origin country :
HUVendor Threat Intelligence
Detection(s):
Verdict:
Malicious
Score:
99.1%
Link:
Tags:
Execution Infostealer Network Stealth Agent Tesla
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a process with a hidden window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a file in the %temp% directory
Launching a process
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Using the Windows Management Instrumentation requests
DNS request
Connection attempt
Sending a custom TCP request
Reading critical registry keys
Creating a window
Сreating synchronization primitives
Stealing user critical data
Adding an exclusion to Microsoft Defender
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
5/10
Confidence:
100%
Tags:
packed
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Verdict:
Malicious
Result
Threat name:
AgentTesla
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
AI detected suspicious sample
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Scheduled temp file as task from temp location
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Score:
100%
Verdict:
Malware
File Type:
PE
Detection:
agenttesla
Threat name:
ByteCode-MSIL.Ransomware.Loki
Status:
Malicious
First seen:
2024-07-01 12:50:24 UTC
File Type:
PE (.Net Exe)
Extracted files:
113
AV detection:
19 of 38 (50.00%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
agenttesla_v4
agenttesla
Similar samples:
+ 1'496 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Score:
10/10
Tags:
family:agenttesla execution keylogger spyware stealer trojan
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
AgentTesla
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Unpacked files
SH256 hash:
f90c9c1768e95cfeaa4c0c57ef251571f001d4454d0ca80541b55a0d4182aa5e
MD5 hash:
b79e923379b3287e3e8a039e45609660
SHA1 hash:
c94284392ae41168e81b2452033613e651bb355e
Detections:
INDICATOR_EXE_Packed_SmartAssembly
Parent samples :
6be42d7e8ab6309248ec11a362abd79226faedf4f7b9a110094f303a166b2d93
b89f9ae90e40b950bb2c2205bcb70a42da20d12d6044dea8e4a57c099846f729
0c7a66057004515fbac9276dcdbfb9594afd4316ebe900a9ead8d40f6008078a
df42aed98863b49a6f208ef3181f08ba5014cc3192c3a406dad6def44e4a3c14
11bd38092d7eda3842cd5a5dc3fed362d5a5146ae6228a66b8ac2693e9a81279
07c90d353d736c2a8015e7f1e86d4492d697360132914e1379cff9f0e0385ccc
6c721f64b26bc43ddb3cf84cdc213f3cec242df25c73bbb61ec3615fa7a5ffac
8f4cb88d415e2f69fc68b90950a51cd76edac741b2fb8ad899dd0919fab3d483
eed44dd24a2a323d4bc0cbd07e41a9eac099b9684cb1494eeec4f954a2ecfc65
2c63d5c9bece740d05d08aae01b061b9845ebc9c61aaa31417e79b59c454d7be
32ba21b45f7d4a8ed2f4d8fd0736636d4e70edcc4b956ea4c43fde4de696c0d9
a9b71bd91eac64c98a1519e907789fc4aec0bd6de47f643acf462cd4aff8aa8f
e6857118aea19c18f962e1360848b8061eceeb5a601d5a331589ae8fa412f0e7
0966f8078bd21fd4501339ee365b9305818c94c54e880af4fae5d46ecea58763
91a3a97b17a9ca19f8386aa805924d1a553f06b94b13f43c1c936d0be1782ba3
0dc82a04b6db46d96cccd1ac6808018f6c99727d21247132e8758e4cb7a572ca
5ef6dc0f7dc9b434dca80df4d614c4784fcfc693a628b0e43c564570ebaeb402
f85ceead2f82edd03a65480f3debdfd78c1a34427a99a2c50acd80f7a7deadca
115bc334419a209518a0d06220bb12bb5daa2e1ff086eddb23cf9b9191eca203
3de592415d4a458179b6fd30c0711bdc0006628c7d23d93ef223c26c82d50f9c
fab7aee1a03476b0def49395c4bda8d799c2d0302097562fcb95d23dda980633
fd05577096a8cf7e8a3955da0412f698199b9d2f53bea732351b7f2eb18819ce
281581bfe30a69a5662550433d9d7514254bccb890fa89cd2a77e3601a0b62a4
7f0f2c04a5204bcb0314fe9fdf9a3369e516e19b0ead44c8f1d3319d59010e0d
624bfb4fd94c20dd2c4db18937fe8513ee44081981612c8377fb6363f1cc2942
88ee50dbfee90121de2f56cbb6fb8e23384f2423a0598a45147fe08f6503cb3b
f1a7405298874fe0382def7c612ff12d72e7315f5aaa514122200d461717ea44
7571ed6e3695bda8a03c039b44eca04081151362ab31340fcfb31523bf0084bb
19c2d1f233ea3d256026796196e7067af26534ab46874cf4fdbacb7e73e5922a
40898401f5a784cea08158b22b5a17c33791882e6c7c79afcd25690281b73c02
253ae6027d114caeb26331508c9c916b54fe3561faf46679c06c48dad8860cac
c8d4ad014bc77975ff52fc025abc76fdb1ea9676d453eb096a4b89d0529c58ad
faf0e3fa2a040e49e3abeb69849e3a25ff621bc8499c70dcceb577ba89bb5929
cd05700b5fa43cd11f8f5763bc9340b8f8ee40cdc64765cb604ab28ee68a1d0f
505ed9f190d5f7a4b16075a09119a9c2952b2d9c7281a13c6a07f4840200e878
712c970fa57cebf6ccbe56758bb5c616f103d08a9a1404bac0b7ae3c08d6edeb
ec4ae5d1e86adee06c295ad77006d3328d144aad4fa2d0dd4fb7fa1380e21406
e2e3f3315015f5ffc74fa9f868861331fd7afae3b0396fd7911c61aa8606b0ae
a89824df9b88e6da624d0ff53b72685f10eece0d54686d9b8defb4ab9a8e5f9b
58d9c0736d0b202bc82acaedfbce1daf33c8402f58e246e8a78190f445f2c6d6
eebcd1414319130f36bea1e6c8fd29750118b145dae2d094d8a9d6aac0c619ce
140a5535a35a820de41ed7441f1278898247a6adbc2594d8a1f34bd9f4715eb4
b5500a5c920ed8eb3519cf519186ea942f1a459570a2ea0653f33b9bf84089c5
0675bd350929e619eaf3a4f22b68d32ed19e451bb7f8aba8c6e4f242bcb791fd
a5154edc933c692bd6160ce41e1af9d27782f21ba1d25403d1cca7aac25c44a3
e75f8000fdd2081700afa2c137c683bd424d8eca3c5fa928758ba18eeca8f194
1831a7d7cb0309018b48298dee3d789eb6aed6bee466a4ec2cce27db09e458f3
abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c
2ca8a08a83d98fbae1d8683cdb828b64216f9849ee539e09198db53876d419e9
ce51bc85fa9cf4a581de693c5901e0c03fff712c40f723009e393bad1a18d014
40043668b0ad9a66018432d3e9ffe7d0466a6348a8ee6250a606e841e114b270
a745afdd5cb81567de1560ead34145f713b7894058aa2097d755bf5d09b9d34f
3c0b94f379c5c568f8f3d406b22b642d3fae60094f8dffbf2e24c87c8435e0a6
e30e81cc9d2c5e121942bf9bbdb9f1bd164842ab3a380b25a2d7f25c9a358f7d
43ca109175c43c1c619405c79eb8d1b16b077741d87db5715ccdd58de9146bf9
52f624cf9571a843b126ac880b5f9b819774c02b35d564830d0a9117b82ca8ad
def1c893697505de0b722e6fb3e516bad1c37f8e19599920714d29861639c274
269e0464214adee11c3339c18062ab56d83d34e745f2809ff35de0bd1ba62bc2
3b253bddd8e49b0353b44254fdc82c53c1614f5c2d09e2fde95698ad3a7815a0
013e39d10c6ec3d7f91105322804e5ec7d6cff966e44659fc568957f243e67a1
eb07f292e4a46ad121d85bac9bea91ab03ffb795527d7c1c1047e7312ea597c0
d2b5d02ad0207f69484b73eae658c2c08b747b4b3125e8856c5f0df261217f1e
71c91905a377be84dca1c0965d8ef92d7c4cd53c137205699f26582cf8107476
dc74ae7a70778659ee1f27f8e772ab2513299da34c7b2eabb866152e5588720b
7289da5a1cc6d7149e862660a7f3f48db0ef1f6f8e5de991501e72bde1192be9
e9d082e59f131a020a870a416b1fbd2aa978f0706fa690080a268a5295bd8bb2
c0e6cea1456ebc9c970e4cfc70ad112501a744373e25c74ae318e9654f852da5
a23d1f07dfef6b5fda6381ecf6866746d624dbc1e510073d83f431124bf7d556
88fc5d96ebc31042f41c8d80e87a1d6b8c4fabe33f11717dbf417f969604af70
8c3c62aafa4ff3a976150dce366c39675fdeceb96362d9071acfd37959770d66
1ec1d53a8f8b891c32c4102cb194093296172cc21167887a7d28b09b88b8b8c8
8d39599a31cac2a8cf51d0b0d6dfd6dbafa76dd1cd33d70d0ce6a8235c662a5d
bf8c949142a94cd782ccaa81fdcda4e35b3864a1907c5be0c6665a7eb9b54cd4
d1517990df29e028a1fc4e2da10b0b51820fed7d258ddbd4c92543538e03a5c9
c9e1b0ef9cfac8e4e002a5609c366489564b246f633d0685fead77e46f7f7d61
6a38f9fba4979abf0676bfa91c7d4ee75c583a6e2ad1a4cf71a3e623b7aa8c37
8155b09e9644fbd69c30e5edbc1fa823d9b9cd224dc9dfe4af8b47ad3f1bb756
4d7d64616dd21810a0a128df33c3cc2f7332c67dc9569f1795d55fc4888177b9
7ddcda1e8561e9d96107c717c5cf5ef9a2f3ff3f5f4c1b188b92b010fc779aa2
467803efbe8c9637962cd2141757f7cdd184cc57f46d75fa8b074bd81229a3f1
a4e1544dee96f911479934ecd89b51ead1ee008026a2468f65167e0d76cb459c
6e3f83c2f76db1f32e9243e7899b98655b3e49658463560513d9a315e865add5
a01dcf8636b3ad56545d228cf3e38c3554ab5622516d1fd9e52b55249ab7fbea
d21d0451a7a8b112776118d88154bf7eab2703b13bf6ae1dcaec2f959bf42305
64874958438945a29c66851bb23bcb9483955577e941e156d559885cca4a6910
b6f0586d835acff8c86c02904729023d95b10d879a066a9eeca973deaf582e07
8647436d5b5e93de1fbaf9571e584ceaee4a620cd39b60472da87e694239c317
22a01767b082d5ef80c5f191c653f73fc7d4f9d2742229580fd928a9a867a4df
7cd0f4968e27515f466f0a6e6967dbc9bca2c9b75a9592e38709a2ca884c6d71
c019951411af4b89614d39e15b69e1798f267c54aebfe7e61852e4626bf00cbe
3c3de54110bc665e6d31e2455372fc489ca5f3be4e0824ca7c0b58802663dbe3
251f9b9b5d35ad3ca96da825cea2a7b95f97872a5c6994a9123e203d41093a87
2f35d828d19942c2daf1989fabb8565c56f9c2d6f3b00e3470c7785ae4ddde50
f251fe71103ef7bc4cbdbcfe9c1d7c4a595f831e51cf4064f2bfa595f47bda35
96c5089380f7452f4695bc517e83cf49f38f5de59e82d8c1142c770545941285
f211a840befa45cad5c369f64b91ff53d0dba7e98835dec3886ded59746e7333
444fb4871f9ee687f90ecf33223c91bbf263a7d66f1c665d653ce71559c557bf
8f9dbdd77e130b7238761966a9c9aa8712baf2100ddebc3d9d206ee17f8f119c
33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797
a2f6bbeb5c2756cfd0a71196e98f0b4f71e58101b3e39342015aad98d70d0f31
6232ba2d8c8ca87c37818660014882d4d0536d7296e08f2c37ba1c692b901f66
c42f31c68ee4a14aec74ddce249314d00813289dc36740484b09ceadf72aa0f8
6b585caaf4299c406c45a3beb76a8624d159404e1aac48a292976119c6d9b72c
0464da926fb18f221087c3d88c51b18b81d5776e559fbf9b76d8e1301c95a8b9
a5a3067e6a3c4e957152655df5c68ce4db77f8308feff43c53e7535031033be5
c08ff513ad0787ed08c72bbdcda0d166e603ea0736f5687b3dddc0f4bb87da33
0f1032dd6e6e984bd0e31d1edb45e027b12d0ec1976505dd6a4d1dd2351931ac
86329825eaf86f08f84bfc3ddd8870b5c05f47a43aba3695eea5ca4c7a0ee00b
c09cba9da1f8a6c8fbda87ce1c29455118eb13876286388a7d768ba98585aa78
26c199fee4db63767ab6a7ca3b251ebaa3d8d08150d1aebef56546bdb5ea395a
80b9b09d79c390fb55a56fcd01f0189e85e8cd8272befb7f35ba2a19ff9ae30b
5aac87d916d8ec903c67280fdff17ce94064c80e0717d7e102d31aa26aa003a9
67bf84d91a5494478d5910d58170c72f85c7d778d755d003b94344a691837209
5327a0f0689f136883119147b37ea30c8d917caac1135909d4b256566180b04b
f87529bd57f54630ff4e0a8391d2e02bd04df4b83ec7c2b879dc258f81103978
21d5d8b254df4c982f0d5e2289dedce8859f154b494a7a560834c6ff341028ea
09f80e5b22639c198be1ef13793c7a0ade764ed89b20a0f09ab0830f3d77eaef
be03b9620b1ae59e5a19f50ee5526a7b9bb4174e09a79cd82a5cf108ecdfd4e1
699af4e8e4d2f3b3ab73268c846f4013f677bc183b9c561279f88c0239972b9b
cb5c22f0aa405129ace6079f8dea8ac27fe89377db7adfffa3c539b59990d6be
6bddff781a97f7479e290a3fb3f34c681f98af9af4ab5dbfb14006bb63223522
018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
b89f9ae90e40b950bb2c2205bcb70a42da20d12d6044dea8e4a57c099846f729
0c7a66057004515fbac9276dcdbfb9594afd4316ebe900a9ead8d40f6008078a
df42aed98863b49a6f208ef3181f08ba5014cc3192c3a406dad6def44e4a3c14
11bd38092d7eda3842cd5a5dc3fed362d5a5146ae6228a66b8ac2693e9a81279
07c90d353d736c2a8015e7f1e86d4492d697360132914e1379cff9f0e0385ccc
6c721f64b26bc43ddb3cf84cdc213f3cec242df25c73bbb61ec3615fa7a5ffac
8f4cb88d415e2f69fc68b90950a51cd76edac741b2fb8ad899dd0919fab3d483
eed44dd24a2a323d4bc0cbd07e41a9eac099b9684cb1494eeec4f954a2ecfc65
2c63d5c9bece740d05d08aae01b061b9845ebc9c61aaa31417e79b59c454d7be
32ba21b45f7d4a8ed2f4d8fd0736636d4e70edcc4b956ea4c43fde4de696c0d9
a9b71bd91eac64c98a1519e907789fc4aec0bd6de47f643acf462cd4aff8aa8f
e6857118aea19c18f962e1360848b8061eceeb5a601d5a331589ae8fa412f0e7
0966f8078bd21fd4501339ee365b9305818c94c54e880af4fae5d46ecea58763
91a3a97b17a9ca19f8386aa805924d1a553f06b94b13f43c1c936d0be1782ba3
0dc82a04b6db46d96cccd1ac6808018f6c99727d21247132e8758e4cb7a572ca
5ef6dc0f7dc9b434dca80df4d614c4784fcfc693a628b0e43c564570ebaeb402
f85ceead2f82edd03a65480f3debdfd78c1a34427a99a2c50acd80f7a7deadca
115bc334419a209518a0d06220bb12bb5daa2e1ff086eddb23cf9b9191eca203
3de592415d4a458179b6fd30c0711bdc0006628c7d23d93ef223c26c82d50f9c
fab7aee1a03476b0def49395c4bda8d799c2d0302097562fcb95d23dda980633
fd05577096a8cf7e8a3955da0412f698199b9d2f53bea732351b7f2eb18819ce
281581bfe30a69a5662550433d9d7514254bccb890fa89cd2a77e3601a0b62a4
7f0f2c04a5204bcb0314fe9fdf9a3369e516e19b0ead44c8f1d3319d59010e0d
624bfb4fd94c20dd2c4db18937fe8513ee44081981612c8377fb6363f1cc2942
88ee50dbfee90121de2f56cbb6fb8e23384f2423a0598a45147fe08f6503cb3b
f1a7405298874fe0382def7c612ff12d72e7315f5aaa514122200d461717ea44
7571ed6e3695bda8a03c039b44eca04081151362ab31340fcfb31523bf0084bb
19c2d1f233ea3d256026796196e7067af26534ab46874cf4fdbacb7e73e5922a
40898401f5a784cea08158b22b5a17c33791882e6c7c79afcd25690281b73c02
253ae6027d114caeb26331508c9c916b54fe3561faf46679c06c48dad8860cac
c8d4ad014bc77975ff52fc025abc76fdb1ea9676d453eb096a4b89d0529c58ad
faf0e3fa2a040e49e3abeb69849e3a25ff621bc8499c70dcceb577ba89bb5929
cd05700b5fa43cd11f8f5763bc9340b8f8ee40cdc64765cb604ab28ee68a1d0f
505ed9f190d5f7a4b16075a09119a9c2952b2d9c7281a13c6a07f4840200e878
712c970fa57cebf6ccbe56758bb5c616f103d08a9a1404bac0b7ae3c08d6edeb
ec4ae5d1e86adee06c295ad77006d3328d144aad4fa2d0dd4fb7fa1380e21406
e2e3f3315015f5ffc74fa9f868861331fd7afae3b0396fd7911c61aa8606b0ae
a89824df9b88e6da624d0ff53b72685f10eece0d54686d9b8defb4ab9a8e5f9b
58d9c0736d0b202bc82acaedfbce1daf33c8402f58e246e8a78190f445f2c6d6
eebcd1414319130f36bea1e6c8fd29750118b145dae2d094d8a9d6aac0c619ce
140a5535a35a820de41ed7441f1278898247a6adbc2594d8a1f34bd9f4715eb4
b5500a5c920ed8eb3519cf519186ea942f1a459570a2ea0653f33b9bf84089c5
0675bd350929e619eaf3a4f22b68d32ed19e451bb7f8aba8c6e4f242bcb791fd
a5154edc933c692bd6160ce41e1af9d27782f21ba1d25403d1cca7aac25c44a3
e75f8000fdd2081700afa2c137c683bd424d8eca3c5fa928758ba18eeca8f194
1831a7d7cb0309018b48298dee3d789eb6aed6bee466a4ec2cce27db09e458f3
abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c
2ca8a08a83d98fbae1d8683cdb828b64216f9849ee539e09198db53876d419e9
ce51bc85fa9cf4a581de693c5901e0c03fff712c40f723009e393bad1a18d014
40043668b0ad9a66018432d3e9ffe7d0466a6348a8ee6250a606e841e114b270
a745afdd5cb81567de1560ead34145f713b7894058aa2097d755bf5d09b9d34f
3c0b94f379c5c568f8f3d406b22b642d3fae60094f8dffbf2e24c87c8435e0a6
e30e81cc9d2c5e121942bf9bbdb9f1bd164842ab3a380b25a2d7f25c9a358f7d
43ca109175c43c1c619405c79eb8d1b16b077741d87db5715ccdd58de9146bf9
52f624cf9571a843b126ac880b5f9b819774c02b35d564830d0a9117b82ca8ad
def1c893697505de0b722e6fb3e516bad1c37f8e19599920714d29861639c274
269e0464214adee11c3339c18062ab56d83d34e745f2809ff35de0bd1ba62bc2
3b253bddd8e49b0353b44254fdc82c53c1614f5c2d09e2fde95698ad3a7815a0
013e39d10c6ec3d7f91105322804e5ec7d6cff966e44659fc568957f243e67a1
eb07f292e4a46ad121d85bac9bea91ab03ffb795527d7c1c1047e7312ea597c0
d2b5d02ad0207f69484b73eae658c2c08b747b4b3125e8856c5f0df261217f1e
71c91905a377be84dca1c0965d8ef92d7c4cd53c137205699f26582cf8107476
dc74ae7a70778659ee1f27f8e772ab2513299da34c7b2eabb866152e5588720b
7289da5a1cc6d7149e862660a7f3f48db0ef1f6f8e5de991501e72bde1192be9
e9d082e59f131a020a870a416b1fbd2aa978f0706fa690080a268a5295bd8bb2
c0e6cea1456ebc9c970e4cfc70ad112501a744373e25c74ae318e9654f852da5
a23d1f07dfef6b5fda6381ecf6866746d624dbc1e510073d83f431124bf7d556
88fc5d96ebc31042f41c8d80e87a1d6b8c4fabe33f11717dbf417f969604af70
8c3c62aafa4ff3a976150dce366c39675fdeceb96362d9071acfd37959770d66
1ec1d53a8f8b891c32c4102cb194093296172cc21167887a7d28b09b88b8b8c8
8d39599a31cac2a8cf51d0b0d6dfd6dbafa76dd1cd33d70d0ce6a8235c662a5d
bf8c949142a94cd782ccaa81fdcda4e35b3864a1907c5be0c6665a7eb9b54cd4
d1517990df29e028a1fc4e2da10b0b51820fed7d258ddbd4c92543538e03a5c9
c9e1b0ef9cfac8e4e002a5609c366489564b246f633d0685fead77e46f7f7d61
6a38f9fba4979abf0676bfa91c7d4ee75c583a6e2ad1a4cf71a3e623b7aa8c37
8155b09e9644fbd69c30e5edbc1fa823d9b9cd224dc9dfe4af8b47ad3f1bb756
4d7d64616dd21810a0a128df33c3cc2f7332c67dc9569f1795d55fc4888177b9
7ddcda1e8561e9d96107c717c5cf5ef9a2f3ff3f5f4c1b188b92b010fc779aa2
467803efbe8c9637962cd2141757f7cdd184cc57f46d75fa8b074bd81229a3f1
a4e1544dee96f911479934ecd89b51ead1ee008026a2468f65167e0d76cb459c
6e3f83c2f76db1f32e9243e7899b98655b3e49658463560513d9a315e865add5
a01dcf8636b3ad56545d228cf3e38c3554ab5622516d1fd9e52b55249ab7fbea
d21d0451a7a8b112776118d88154bf7eab2703b13bf6ae1dcaec2f959bf42305
64874958438945a29c66851bb23bcb9483955577e941e156d559885cca4a6910
b6f0586d835acff8c86c02904729023d95b10d879a066a9eeca973deaf582e07
8647436d5b5e93de1fbaf9571e584ceaee4a620cd39b60472da87e694239c317
22a01767b082d5ef80c5f191c653f73fc7d4f9d2742229580fd928a9a867a4df
7cd0f4968e27515f466f0a6e6967dbc9bca2c9b75a9592e38709a2ca884c6d71
c019951411af4b89614d39e15b69e1798f267c54aebfe7e61852e4626bf00cbe
3c3de54110bc665e6d31e2455372fc489ca5f3be4e0824ca7c0b58802663dbe3
251f9b9b5d35ad3ca96da825cea2a7b95f97872a5c6994a9123e203d41093a87
2f35d828d19942c2daf1989fabb8565c56f9c2d6f3b00e3470c7785ae4ddde50
f251fe71103ef7bc4cbdbcfe9c1d7c4a595f831e51cf4064f2bfa595f47bda35
96c5089380f7452f4695bc517e83cf49f38f5de59e82d8c1142c770545941285
f211a840befa45cad5c369f64b91ff53d0dba7e98835dec3886ded59746e7333
444fb4871f9ee687f90ecf33223c91bbf263a7d66f1c665d653ce71559c557bf
8f9dbdd77e130b7238761966a9c9aa8712baf2100ddebc3d9d206ee17f8f119c
33f7683c768daecbad44d0b27d44ff13be3340d1cb81fb59dbfd7558cca21797
a2f6bbeb5c2756cfd0a71196e98f0b4f71e58101b3e39342015aad98d70d0f31
6232ba2d8c8ca87c37818660014882d4d0536d7296e08f2c37ba1c692b901f66
c42f31c68ee4a14aec74ddce249314d00813289dc36740484b09ceadf72aa0f8
6b585caaf4299c406c45a3beb76a8624d159404e1aac48a292976119c6d9b72c
0464da926fb18f221087c3d88c51b18b81d5776e559fbf9b76d8e1301c95a8b9
a5a3067e6a3c4e957152655df5c68ce4db77f8308feff43c53e7535031033be5
c08ff513ad0787ed08c72bbdcda0d166e603ea0736f5687b3dddc0f4bb87da33
0f1032dd6e6e984bd0e31d1edb45e027b12d0ec1976505dd6a4d1dd2351931ac
86329825eaf86f08f84bfc3ddd8870b5c05f47a43aba3695eea5ca4c7a0ee00b
c09cba9da1f8a6c8fbda87ce1c29455118eb13876286388a7d768ba98585aa78
26c199fee4db63767ab6a7ca3b251ebaa3d8d08150d1aebef56546bdb5ea395a
80b9b09d79c390fb55a56fcd01f0189e85e8cd8272befb7f35ba2a19ff9ae30b
5aac87d916d8ec903c67280fdff17ce94064c80e0717d7e102d31aa26aa003a9
67bf84d91a5494478d5910d58170c72f85c7d778d755d003b94344a691837209
5327a0f0689f136883119147b37ea30c8d917caac1135909d4b256566180b04b
f87529bd57f54630ff4e0a8391d2e02bd04df4b83ec7c2b879dc258f81103978
21d5d8b254df4c982f0d5e2289dedce8859f154b494a7a560834c6ff341028ea
09f80e5b22639c198be1ef13793c7a0ade764ed89b20a0f09ab0830f3d77eaef
be03b9620b1ae59e5a19f50ee5526a7b9bb4174e09a79cd82a5cf108ecdfd4e1
699af4e8e4d2f3b3ab73268c846f4013f677bc183b9c561279f88c0239972b9b
cb5c22f0aa405129ace6079f8dea8ac27fe89377db7adfffa3c539b59990d6be
6bddff781a97f7479e290a3fb3f34c681f98af9af4ab5dbfb14006bb63223522
018b23732bcac6e2ccc7d8130259b5085d10dafdac74737e1456b5f38ee2c81e
SH256 hash:
6a3c257608cfc42071ea6e3d2af244ebd2a311b58a19d2f80df9a43735fee699
MD5 hash:
59d8746c12f658ab1c61668817ac939e
SHA1 hash:
c598e76688b60ab7d73d615b71358518ade4203e
SH256 hash:
cb4952b33305e97d86f398405b0bcd4bb59f61bfa16bf4f27be8a8dc2584208c
MD5 hash:
375a7c8575a28440c4e4f0b72df2f759
SHA1 hash:
960eb458a3e68b9388bafe727e6365527e20d841
Detections:
AgentTesla
win_agent_tesla_g2
INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients
Agenttesla_type2
INDICATOR_SUSPICIOUS_Binary_References_Browsers
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
INDICATOR_EXE_Packed_GEN01
INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Parent samples :
29f2f8293c3b8868dd9f057b6b7ec1a898c1e57205be359afafa433cd9cd7bb3
1c92d3868a5a6d2f87a8c0308ff37d329911dd4c43b5fbd654a69773ca6fbbbc
c2de6c81a5bc4a97ac8e34adb89a14885bfc91bc284550221d865f335f575214
d7e484c20f0341e35945ad2a6f803fcd0829a68b7dedf05430c0be06d5392ed5
d7531e4728438f15714cd44a6ed353d5117b4a3b6db1ece8b945ca8eb0b1408d
d1248b99698d1efcfddacc89384b3df62e8dce35251d7a96dbb13cd31b30f853
30118db79f45d9e495d85d5188ebc4e010a2bc33258b8b0d0d1abfd1f056502f
b2d9f8edf1b8ab56a07620a6dd37944c423604ea5e25d97de57d03f5412b9906
6443b593fc020a993974a850a6609c498398ac6d8368607dd2bc1ad1d785f38b
b3ac3ae44c087c5dc5d42c5ea8531e82f47cc6740da571a7c60624dfdb436469
0c33297e293bffec0a5728c9553044a89b5b4ef7389b2a45fb460dbc0fdf838a
5eecdaf0426291c6db36cc79cba590e61248a5364197d82228da2074a7fa3bba
57b6b7a5011b1e0d3b8a43da9c78528e3a133cd20f5f9cf72c6359dab423693a
e28f384946d7a17d59de700e40186725163b534eab150d6be5327187e7f83a28
dd566ea9737c75cf44885c842a944952d23abc1fb315867b4f07c3b8f37ce01b
9451626c4ac447e1f325611381448ee5fc8224945bda86cf32ce94306c3cd9ec
104fa5737e0c2aafa7558bd7bd6080cf54ac125b4337f4e0515e41d9e1370a04
cd583aa76a762a640be309b14234e47081d254d416b0567afb293f219428ce46
ec4ae5d1e86adee06c295ad77006d3328d144aad4fa2d0dd4fb7fa1380e21406
cb4952b33305e97d86f398405b0bcd4bb59f61bfa16bf4f27be8a8dc2584208c
22a01767b082d5ef80c5f191c653f73fc7d4f9d2742229580fd928a9a867a4df
7fce3e76c6fced8598769e97c7cf34eaa6e86949bf61b75526fb3b489f6d81f7
15299cddb4e03bc2bbc2e2c057c1abf3ab063a5839e7fc933939797aa5c38fb5
b4930dde2fc721a3d6648831dd4fe2ebd5085e0218864eb48e68e54a69d7cd41
86b3feb69665d03eaf1b1a3fc4dcf8221443f9c75458f34aea20d72d05c16cfc
8e29aa00863b1746ba25132f7ecb7bcb869d3a7e647dc8d6d3255491c5ac5212
3d1e16dec7f88b3ccdf7197c64a6eea6a7d3599c12f34893d60012ffd61f15ce
d5d6f7922d87a58322e5d4ace6819497d0942b3b22dc10c52f5a37cad8e42793
07c65671acce67cfa5a214ce2285563f6b3eaeadd5afbcd21bcaa42a536f7ba6
67f4b6cba186520b5247fa0ec23e129dd20c51640662108c2b9db61cf968f17d
2da496c1cdddd81ca1e452eacc38596132cb62883d8b568ee55e2524a054facd
9c7df3a3e8174fcad51ce98aa8875fd72b8e7acadb309ad8b6ac59e8a0c1d65d
39454a1ce8c389d837bb510efe44858712813fd3ef611822af3a1e5b0f64f52a
001c5c64500979a3b3c0251a7e94292dd1a188638bc7aeb0168e9578c53eaaef
019c0bda2cdb00d88ddd70fae9c57490c14b218aa3c2e9f383f75fa415c03168
0787749d9897612314975e2943139157efcff4dbf604323d3d950c76b7555719
5da381b368562b2c5d9fce29e229c640ea428b3d4519562613f987235bc611b8
c6ca7a0c812b140b8d3e1f7ceb12f0efe6bc0f564c6312814bc9dba1255e8788
b46e55db0693853f1f96a8ba2baad879f4e700db1c976a4041427ed221538922
81313224ee12f9a06f36e6f47f95f01b1bc30e94bf9c576f3c476b3633a0302b
d2200969f527ad8529714c8fdd97ae9646eaa76c702dfcd71dd2ad7e84898cdf
914ca6ae22e3e4d3b6e4fe8442dc7e176037ce54e98dfdec5510a179f4ef3c75
d4a4e4c891bacb6ffa8884695d7d757d8dbbae18ec64370bac3f6ecc024ea334
3b593da5f678af89946aebb762ab465c627a4dea6942b1a134a22536fb9ec7b6
5fd1a09cf8cee6f5529209307343ce46ab95e96b7fe6151d57e4f2d225827b3d
207836d40a534374a426bfb3eda7d988a77b2d8312b122644be1ff6659ecb59d
76930f5752402bbffccf8edeb6b07cd1ccf925c8c34853650e367cb2e0bc3e8a
7f26fab81265bdcc5ee00766756159b473e5350f77e13cddfb28b3af9480d19e
a46460f8d8d27ef7561eec3297790812f7b6187ee066ee2ffbe3cd60c2fd5ffe
e7d6f8ffb410620820c565a54f6360ad432593cb99705ab5d408e7e53c8f19ab
70a1293f9401485295f29c408954fff91895e3659daf15554f0d36acf01bb04d
e87a5cb662913f9eb7a91ba0879b534da9069f26e3176d9418b16b39eef6f9fc
af65f2da3fd19510fafbeeff3fdf3531db13eef1cf40f6bcf6580f76c8abf3e4
276ee9ca37adcf31809cad29a26c112e623e8b0d9444334247139a63563ba268
4587101c910c2af014b4f604c0ba76717c1c8b3f360ce0a191e81158b691f6cc
27bd5e4723cf6f83c2f4a5669ed07025c8c7925ee09b59861c6ec6009615e28d
97f4735ea0610794bdbb279c3d8fab019be4552788b76ea8ffcc4a53f7d731fe
db9075f1eadd4b7dfbc145d16f17c50ec345e99d3b5e3b7593f86e5b8532b4c5
8c3a603f6409c75df6f65da000fb6370e8a95da1572507a6f812d06f219c89b3
d11a5704f52bcddd56abfc1533daf7d30bc6b98ee89d81e7534f1be1343c9a6d
1de9012faa32acb0bd829ee77afa29ea04798a14152e2a624f03b08992922bea
77625c8d0612143544ef6bf2907b6f30fd4be765bdd955004885b29f388fb17d
1d1753775e003c95edf26e2938b3f7b9411c0791a5a65c77f662264e6a554156
d695f1fe44dd596d3132f964c43d9729a7df5bdcea72c504db47a41c6a648164
74b30b12fca88b189c0aec3f5af5dabb8f496811036bc4c1601b2fe49fdd96e4
f140450118202ed165b49c1a623d7e64ecf9b147254359255a734d849b9cb5d5
e71dcdd820367c9cb0b261d69c2bf74bd0d889823b75e92bc5752042a0712dd7
3d2bd0f41f351103caa9c7f99aad63c41884c7d408fba0a9c5eed5af9f5014db
c27773f8b51094bb8518e9b7e896be05144fd7f66e8b7352b974e7f42b6abc98
49a677d5dc211d01e7860854330875894852c15b14e79c19719ca47094962b77
2175bfc02e12d0136d4cdfa370226d8917b46132cbb007b04e1b79dec177b7c5
8f2d4544422f6870cebdfed81c4d0ca7db176e34166306f0fec4e4d509b773cc
750b354b873770c3702def2ba20335091b10e73f2e19e0d9f6c2164d836cf1f0
0c84b7722d83c5eba4829bcc7849e6f791fdca8a8a2c41148b2ff6ccd68e52a1
6f4245e6fc909528580e36c0ac716d6e8b19df8f6ce43bd93f526f282f3e86ec
059e6f46dc494f497e19284906976773271e9118bb7749f1aaa6cbbf4e337d39
9f178274219fc99efcbca3c85ea794c9b7a4ace49176a83a884a54794e8a1ee2
f7121d16f7c5e546edc168027fdcbeee4698b1038b035003002cee8a295468ad
2b3b53a5156b258cbe1babe783c03f3b3733c1b51a45fc6b23d84f4a84b50b84
e12f9f6dd4d092492c0d9e422da3123d88ed33ebdbb77706454e0a4a534aff5e
4b493efbc51d8cc77f3fe9e2b96070d5b9e1641a00a3f265cdb60209993fa515
6a58063fd4bfe4c9fd2bb7b17216fe3353a358a404d8b162d8b6f2a9bfc7b625
1c92d3868a5a6d2f87a8c0308ff37d329911dd4c43b5fbd654a69773ca6fbbbc
c2de6c81a5bc4a97ac8e34adb89a14885bfc91bc284550221d865f335f575214
d7e484c20f0341e35945ad2a6f803fcd0829a68b7dedf05430c0be06d5392ed5
d7531e4728438f15714cd44a6ed353d5117b4a3b6db1ece8b945ca8eb0b1408d
d1248b99698d1efcfddacc89384b3df62e8dce35251d7a96dbb13cd31b30f853
30118db79f45d9e495d85d5188ebc4e010a2bc33258b8b0d0d1abfd1f056502f
b2d9f8edf1b8ab56a07620a6dd37944c423604ea5e25d97de57d03f5412b9906
6443b593fc020a993974a850a6609c498398ac6d8368607dd2bc1ad1d785f38b
b3ac3ae44c087c5dc5d42c5ea8531e82f47cc6740da571a7c60624dfdb436469
0c33297e293bffec0a5728c9553044a89b5b4ef7389b2a45fb460dbc0fdf838a
5eecdaf0426291c6db36cc79cba590e61248a5364197d82228da2074a7fa3bba
57b6b7a5011b1e0d3b8a43da9c78528e3a133cd20f5f9cf72c6359dab423693a
e28f384946d7a17d59de700e40186725163b534eab150d6be5327187e7f83a28
dd566ea9737c75cf44885c842a944952d23abc1fb315867b4f07c3b8f37ce01b
9451626c4ac447e1f325611381448ee5fc8224945bda86cf32ce94306c3cd9ec
104fa5737e0c2aafa7558bd7bd6080cf54ac125b4337f4e0515e41d9e1370a04
cd583aa76a762a640be309b14234e47081d254d416b0567afb293f219428ce46
ec4ae5d1e86adee06c295ad77006d3328d144aad4fa2d0dd4fb7fa1380e21406
cb4952b33305e97d86f398405b0bcd4bb59f61bfa16bf4f27be8a8dc2584208c
22a01767b082d5ef80c5f191c653f73fc7d4f9d2742229580fd928a9a867a4df
7fce3e76c6fced8598769e97c7cf34eaa6e86949bf61b75526fb3b489f6d81f7
15299cddb4e03bc2bbc2e2c057c1abf3ab063a5839e7fc933939797aa5c38fb5
b4930dde2fc721a3d6648831dd4fe2ebd5085e0218864eb48e68e54a69d7cd41
86b3feb69665d03eaf1b1a3fc4dcf8221443f9c75458f34aea20d72d05c16cfc
8e29aa00863b1746ba25132f7ecb7bcb869d3a7e647dc8d6d3255491c5ac5212
3d1e16dec7f88b3ccdf7197c64a6eea6a7d3599c12f34893d60012ffd61f15ce
d5d6f7922d87a58322e5d4ace6819497d0942b3b22dc10c52f5a37cad8e42793
07c65671acce67cfa5a214ce2285563f6b3eaeadd5afbcd21bcaa42a536f7ba6
67f4b6cba186520b5247fa0ec23e129dd20c51640662108c2b9db61cf968f17d
2da496c1cdddd81ca1e452eacc38596132cb62883d8b568ee55e2524a054facd
9c7df3a3e8174fcad51ce98aa8875fd72b8e7acadb309ad8b6ac59e8a0c1d65d
39454a1ce8c389d837bb510efe44858712813fd3ef611822af3a1e5b0f64f52a
001c5c64500979a3b3c0251a7e94292dd1a188638bc7aeb0168e9578c53eaaef
019c0bda2cdb00d88ddd70fae9c57490c14b218aa3c2e9f383f75fa415c03168
0787749d9897612314975e2943139157efcff4dbf604323d3d950c76b7555719
5da381b368562b2c5d9fce29e229c640ea428b3d4519562613f987235bc611b8
c6ca7a0c812b140b8d3e1f7ceb12f0efe6bc0f564c6312814bc9dba1255e8788
b46e55db0693853f1f96a8ba2baad879f4e700db1c976a4041427ed221538922
81313224ee12f9a06f36e6f47f95f01b1bc30e94bf9c576f3c476b3633a0302b
d2200969f527ad8529714c8fdd97ae9646eaa76c702dfcd71dd2ad7e84898cdf
914ca6ae22e3e4d3b6e4fe8442dc7e176037ce54e98dfdec5510a179f4ef3c75
d4a4e4c891bacb6ffa8884695d7d757d8dbbae18ec64370bac3f6ecc024ea334
3b593da5f678af89946aebb762ab465c627a4dea6942b1a134a22536fb9ec7b6
5fd1a09cf8cee6f5529209307343ce46ab95e96b7fe6151d57e4f2d225827b3d
207836d40a534374a426bfb3eda7d988a77b2d8312b122644be1ff6659ecb59d
76930f5752402bbffccf8edeb6b07cd1ccf925c8c34853650e367cb2e0bc3e8a
7f26fab81265bdcc5ee00766756159b473e5350f77e13cddfb28b3af9480d19e
a46460f8d8d27ef7561eec3297790812f7b6187ee066ee2ffbe3cd60c2fd5ffe
e7d6f8ffb410620820c565a54f6360ad432593cb99705ab5d408e7e53c8f19ab
70a1293f9401485295f29c408954fff91895e3659daf15554f0d36acf01bb04d
e87a5cb662913f9eb7a91ba0879b534da9069f26e3176d9418b16b39eef6f9fc
af65f2da3fd19510fafbeeff3fdf3531db13eef1cf40f6bcf6580f76c8abf3e4
276ee9ca37adcf31809cad29a26c112e623e8b0d9444334247139a63563ba268
4587101c910c2af014b4f604c0ba76717c1c8b3f360ce0a191e81158b691f6cc
27bd5e4723cf6f83c2f4a5669ed07025c8c7925ee09b59861c6ec6009615e28d
97f4735ea0610794bdbb279c3d8fab019be4552788b76ea8ffcc4a53f7d731fe
db9075f1eadd4b7dfbc145d16f17c50ec345e99d3b5e3b7593f86e5b8532b4c5
8c3a603f6409c75df6f65da000fb6370e8a95da1572507a6f812d06f219c89b3
d11a5704f52bcddd56abfc1533daf7d30bc6b98ee89d81e7534f1be1343c9a6d
1de9012faa32acb0bd829ee77afa29ea04798a14152e2a624f03b08992922bea
77625c8d0612143544ef6bf2907b6f30fd4be765bdd955004885b29f388fb17d
1d1753775e003c95edf26e2938b3f7b9411c0791a5a65c77f662264e6a554156
d695f1fe44dd596d3132f964c43d9729a7df5bdcea72c504db47a41c6a648164
74b30b12fca88b189c0aec3f5af5dabb8f496811036bc4c1601b2fe49fdd96e4
f140450118202ed165b49c1a623d7e64ecf9b147254359255a734d849b9cb5d5
e71dcdd820367c9cb0b261d69c2bf74bd0d889823b75e92bc5752042a0712dd7
3d2bd0f41f351103caa9c7f99aad63c41884c7d408fba0a9c5eed5af9f5014db
c27773f8b51094bb8518e9b7e896be05144fd7f66e8b7352b974e7f42b6abc98
49a677d5dc211d01e7860854330875894852c15b14e79c19719ca47094962b77
2175bfc02e12d0136d4cdfa370226d8917b46132cbb007b04e1b79dec177b7c5
8f2d4544422f6870cebdfed81c4d0ca7db176e34166306f0fec4e4d509b773cc
750b354b873770c3702def2ba20335091b10e73f2e19e0d9f6c2164d836cf1f0
0c84b7722d83c5eba4829bcc7849e6f791fdca8a8a2c41148b2ff6ccd68e52a1
6f4245e6fc909528580e36c0ac716d6e8b19df8f6ce43bd93f526f282f3e86ec
059e6f46dc494f497e19284906976773271e9118bb7749f1aaa6cbbf4e337d39
9f178274219fc99efcbca3c85ea794c9b7a4ace49176a83a884a54794e8a1ee2
f7121d16f7c5e546edc168027fdcbeee4698b1038b035003002cee8a295468ad
2b3b53a5156b258cbe1babe783c03f3b3733c1b51a45fc6b23d84f4a84b50b84
e12f9f6dd4d092492c0d9e422da3123d88ed33ebdbb77706454e0a4a534aff5e
4b493efbc51d8cc77f3fe9e2b96070d5b9e1641a00a3f265cdb60209993fa515
6a58063fd4bfe4c9fd2bb7b17216fe3353a358a404d8b162d8b6f2a9bfc7b625
SH256 hash:
ecf1257cb2839319c722daf5323ba2ed7060368b46f84610b6b6823323297826
MD5 hash:
cba51dcdec84ac14ce1eaf2ede86f28b
SHA1 hash:
2e77e64525600817d96b4d9c497135c989e608ee
SH256 hash:
22a01767b082d5ef80c5f191c653f73fc7d4f9d2742229580fd928a9a867a4df
MD5 hash:
e3ed377ab14e39f0c07d9b201622e861
SHA1 hash:
3817dd0939b643af8744806f97f62284aeb54b83
Malware family:
AgentTesla
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
0.90
YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.
| Rule name: | AgentTeslaV3 |
|---|---|
| Author: | ditekshen |
| Description: | AgentTeslaV3 infostealer payload |
| Rule name: | AgentTeslaV5 |
|---|---|
| Author: | ClaudioWayne |
| Description: | AgentTeslaV5 infostealer payload |
| Rule name: | Agenttesla_type2 |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | detect Agenttesla in memory |
| Reference: | internal research |
| Rule name: | INDICATOR_EXE_Packed_GEN01 |
|---|---|
| Author: | ditekSHen |
| Description: | Detect packed .NET executables. Mostly AgentTeslaV4. |
| Rule name: | INDICATOR_SUSPICIOUS_Binary_References_Browsers |
|---|---|
| Author: | ditekSHen |
| Description: | Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables referencing many email and collaboration clients. Observed in information stealers |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables referencing many file transfer clients. Observed in information stealers |
| Rule name: | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID |
|---|---|
| Author: | ditekSHen |
| Description: | Detects executables referencing Windows vault credential objects. Observed in infostealers |
| Rule name: | malware_Agenttesla_type2 |
|---|---|
| Author: | JPCERT/CC Incident Response Group |
| Description: | detect Agenttesla in memory |
| Reference: | internal research |
| Rule name: | NET |
|---|---|
| Author: | malware-lu |
| Rule name: | NETexecutableMicrosoft |
|---|---|
| Author: | malware-lu |
| Rule name: | pe_imphash |
|---|
| Rule name: | Skystars_Malware_Imphash |
|---|---|
| Author: | Skystars LightDefender |
| Description: | imphash |
| Rule name: | Windows_Generic_Threat_9f4a80b2 |
|---|---|
| Author: | Elastic Security |
| Rule name: | Windows_Trojan_AgentTesla_ebf431a8 |
|---|---|
| Author: | Elastic Security |
| Reference: | https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.