MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2de8befd5512337e4e9c723289d086b229345708d167936e1212bcf8641f193a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 6

SHA256 hash: 2de8befd5512337e4e9c723289d086b229345708d167936e1212bcf8641f193a
SHA3-384 hash: 68ebce145e319ee6f032f1dfd4afb958bf75c82642b671cdc04330925ea2468ed93de6b8ff1ff645908d785db7f57ca2
SHA1 hash: 8d7eb5f9fad6980dbe28747f7e8caeb5f72a36d3
MD5 hash: bda6d1ea89df38b931d1b56e96613993
humanhash: mirror-zulu-arkansas-burger
File name: SHIPMENT-INV-AWB-INV8425487_PDF.exe
Signature: AgentTesla
File size: 628'224 bytes
First seen: 2020-11-17 14:52:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 12288:/HfN4jvQ4K6WCz7frGEWLFa3EWt8LFYT6N:/16vQ49HbCEA4B8J
Threatray: 1'921 similar samples on MalwareBazaar
TLSH: 2DD4E1743A42FE8FC71B4E76C5502D405E60B9675B0BE31BBCDB22DC151E78A8E01AB6
Reporter: James_inthe_box
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Creating a file
Launching a process
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-17 14:51:13 UTC
File Type: PE (.Net Exe)
Extracted files: 5
AV detection: 24 of 28 (85.71%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: persistence spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: RenamesItself
Suspicious use of SetThreadContext
Adds Run key to start application
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unpacked files
SHA256 hash: 2de8befd5512337e4e9c723289d086b229345708d167936e1212bcf8641f193a
MD5 hash: bda6d1ea89df38b931d1b56e96613993
SHA1 hash: 8d7eb5f9fad6980dbe28747f7e8caeb5f72a36d3

SHA256 hash: 5366323e836dd1b0269b34a3fcafe07291c54a8aae2cbfba2dd1a61080f76028
MD5 hash: ed9e1194acd4814d9795dfdb5d9feae7
SHA1 hash: 5366bec3b2263e827b9c7ddcbe17b2c3b166464d

SHA256 hash: 98639712015a7970b16c58850c52cb37d4896bf84dc23a99694c806ba477c33c
MD5 hash: 8c70e504a4d11798932895cd30a41f21
SHA1 hash: 68a5109692c27ea3bd0bdd17ff4b1b595f2b461c

SHA256 hash: ae7af70e4b45c123e777c343d3a298df6a0ad751a727181abcf78116e95c0a40
MD5 hash: 13d861f2154f6988567c46661990c463
SHA1 hash: 7479a851c59ae86a42da047db2e8f0a2e763213f

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps the samples may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE

Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekshen
Description: AgentTeslaV3 infostealer payload

Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery method: Other