MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e132b331b416b7480762cd12eda3fba08eeff73f54042c44247419a28450708. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e132b331b416b7480762cd12eda3fba08eeff73f54042c44247419a28450708
SHA3-384 hash: b00809c8b5a51336443fb72ba4dacbd205b37b21742f5ce333a8d2208176152a9ba7531243455c97513bb26f66cd5e23
SHA1 hash: 212c08a05b42ceab9cae969861dc305f0b784861
MD5 hash: 978a6935dc6c90106d7c08b9a5fa5cf0
humanhash: hydrogen-lion-happy-romeo
File name:9c6fb8746b6cccb65cee1d12cfe9dd67
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'045'504 bytes
First seen:2020-11-17 12:33:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:uGiyGTjhJ5iABoTEsoPtrUoH6/3NQtl9Hy5KZySh9N:XNGTjhJAABoTxCtrH6/30ltsSh
Threatray 87 similar samples on MalwareBazaar
TLSH 0925D00A2BD40A1BC5AF27BAE0345194837CF952E357E79B29A9A0FC18D33588D457F3
Reporter seifreed
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching a process
Creating a file
Using the Windows Management Instrumentation requests
Creating a file in the %AppData% subdirectories
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2e132b331b416b7480762cd12eda3fba08eeff73f54042c44247419a28450708/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 12:37:56 UTC
AV detection:
27 of 47 (57.45%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
4d110e0d08384339b1bc38fbcad2bab177df0ad27b5f5cb2a3b88e8237052abd
AgentTesla
622b5044ebb502fe18158372f5f5fd40987aec1d0c860e40f6e3a77650ed94a2
AgentTesla
7543d16d9eb66ebcb61a632b705609940389665e09e7e4bdc3ec33f3612d1dcb
AgentTesla
85cdb8ba6c26cda233caea43b4f596e399b4cf7e561ac3c8c6cb4214cddf54a3
AgentTesla
a3230e59a4a3a5f499ff5d3f6a6d595ba1be76befacea3a3770d9980298d4583
AgentTesla
d8abb9259099fbb46b0d24cb342f32cfd5b3046487d55c8843bc819315da12b1
AgentTesla
d8d901bb4e3990c3eff141e0030128a484e35ca5145a46e63d43fcfb841a8c32
AgentTesla
db15c1cea9481097cc1b2071902ca0523cde0aff7e96f859cf495a153b552249
AgentTesla
de53b13e9795b9cbdb03534e3b1d7a809a8962147f10ccb10a55f2424735d130
AgentTesla
e4974ddc809773cd725cfc7070ad545ddf4aa1fc211eb77a1eaae7b7fc1a019c
AgentTesla
+ 77 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/201117-wnnr648v8a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SH256 hash:
2e132b331b416b7480762cd12eda3fba08eeff73f54042c44247419a28450708
MD5 hash:
978a6935dc6c90106d7c08b9a5fa5cf0
SHA1 hash:
212c08a05b42ceab9cae969861dc305f0b784861
Link:
https://www.unpac.me/results/2dbcefe2-4935-421d-8deb-84fdf87a722d/
SH256 hash:
e5277304a1b7987881ad846acec7c6e5cde4385a4915a31ff7c6f4045834d31e
MD5 hash:
e8b8ebabe1267222842f4c012f547f9f
SHA1 hash:
25a50646e231e29c917006444209371d3f564c94
Link:
https://www.unpac.me/results/2dbcefe2-4935-421d-8deb-84fdf87a722d/
SH256 hash:
d6dfa7f6dfbb2f97893dbcbccdf662b8e553e5f624ab6ed13865df9f16fff646
MD5 hash:
a920d7bc10787c7516b422b778542ee0
SHA1 hash:
4ba7010c6c39005f0d277fd6cf40c14fef7aa147
Link:
https://www.unpac.me/results/2dbcefe2-4935-421d-8deb-84fdf87a722d/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:MALWARE_Win_AgentTeslaV3
Create hunting rule
Author:ditekshen
Description:AgentTeslaV3 infostealer payload
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments