MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23b916e5bb30f814e9819cf3499fe56820380b827b20f595022eabbd47267374. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4

SHA256 hash: 23b916e5bb30f814e9819cf3499fe56820380b827b20f595022eabbd47267374
SHA3-384 hash: 583a49c25c5e1342ae05df486b146cd8e520326525b0264ac3d5c629a27052494a061ebaf3fe88665ca9dc861df4d2ce
SHA1 hash: 380c9ac59a6cb8a26d8e202fd16766995f9fbea7
MD5 hash: b3448cc2f3577a40220998ac4c231ad2
humanhash: autumn-helium-oxygen-helium
File name: 23b916e5bb30f814e9819cf3499fe56820380b827b20f595022eabbd47267374
Signature: AgentTesla
File size: 2'388'937 bytes
First seen: 2020-06-17 08:51:14 UTC
Last seen: 2020-06-25 10:43:59 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'647 x AgentTesla, 19'450 x Formbook, 12'201 x SnakeKeylogger)
ssdeep: 24576:y3/kYc47p9MWMXTSW9SYYYJM6kDvt7RIDLXxhlCq4o1yYYVGaMZXsFXn/Z2hOB22:y3/9pGMYJwVRIDLvXBiE3WWw5fgM
Threatray: 589 similar samples on MalwareBazaar
TLSH: 92B5E0427E41DD94E649A43BC28F450C4BB8A9902AA3F3277DE9737D452B3733C898D9
Reporter: JAMESWT_WT
Tags: AgentTesla

Code Signing Certificate

Organisation: X2Net DEMO Certificate Only
Issuer: X2Net TESTING ROOT ONLY
Algorithm: md5WithRSAEncryption
Valid from: Oct 19 14:43:09 2006 GMT
Valid to: Dec 31 23:59:59 2039 GMT
Serial number: 61E959FDE00323BA432CEDA6EA0DD16B
Thumbprint Algorithm: SHA256
Thumbprint: 34D59986F3348B8587B782CC2547B59B7E847CC379CC7D84088600092CAFDAFE
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 2
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.PUA.DemoCert
Status: Malicious
First seen: 2016-05-02 00:33:00 UTC
File Type: PE (.Net Exe)
Extracted files: 4
AV detection: 30 of 48 (62.50%)
Threat level: 1/5

Result
Malware family: n/a
Score: 10/10
Tags: evasion persistence
Behaviour:
- Views/modifies file attributes
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Adds Run entry to start application
- Loads dropped DLL
- Sets file to hidden
- Executes dropped EXE
- Modifies WinLogon for persistence

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
