MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 232da40c6835fdd4da0ca25b383098ff2ec0251b7fefe04c09ac82943dc8b197. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 232da40c6835fdd4da0ca25b383098ff2ec0251b7fefe04c09ac82943dc8b197
SHA3-384 hash: 0bddef1243422d18f685b35ecd84b0a77d122269f543fbb1ac0387825bcdc4b45a3dddd3408466e810fc8fa309e41ce4
SHA1 hash: f4eb67dedc809d70d424a77decfa897de510dc57
MD5 hash: 002b767cf93223d2ec70971cbdab86bc
humanhash: spring-equal-vermont-hydrogen
File name:BILL OF LADING DOCS.scr
Download: download sample
Signature AgentTesla
Create hunting rule
File size:251'904 bytes
First seen:2020-11-18 06:45:21 UTC
Last seen:2020-11-18 09:19:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:nUKocByzitsJCnRITV1USDEpZYrWj42Pb1v0AjMH3otASN9vEsSUTnu2+iHoavb7:Voczs0nTUEpZYrqv8MaoiSYZU+jajj8
Threatray 2 similar samples on MalwareBazaar
TLSH 1934DF04A5CDC9D2D929873D76A26831072DB07F68E7F75A218CE1332B13786BD1299F
Reporter cocaman
Tags:AgentTesla scr

Intelligence

File Origin
# of uploads :
3
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis002B767CF932.9779.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the %AppData% subdirectories
Using the Windows Management Instrumentation requests
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Gathering data
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
66 / 100
Link:
https://www.joesandbox.com/analysis/540417
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/232da40c6835fdd4da0ca25b383098ff2ec0251b7fefe04c09ac82943dc8b197/
Threat name:
ByteCode-MSIL.Trojan.DelShad
Create hunting rule
Status:
Malicious
First seen:
2020-11-18 02:31:59 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=emw2iddigx65jwqmujntqmey74xmaji3p7x6atajvsbjipoiwglq._file
Verdict:
unknown
Similar samples:
8b5b38085f12d51393ed5a481a554074d3c482d53ecd917f2f5dffdf3d2ee138
AgentTesla
a4d56971577536b2742d89e0ead542a8cd8818a798371d1cd04ec22b3931ec56
AgentTesla
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201118-8hb2fmt8tn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2c8158b27699872993d692ac6145133d1bd607399e0bd402728220bd2f4e0afe

AgentTesla

Executable exe 232da40c6835fdd4da0ca25b383098ff2ec0251b7fefe04c09ac82943dc8b197

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 2c8158b27699872993d692ac6145133d1bd607399e0bd402728220bd2f4e0afe
  
Dropped by
SHA256 c5e7bb588d0842023ce1655a3b88355bfd88ea6b343cea84315816559ead2ed4

Comments