MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34bb306b3f95e91956508cc278a341c0b8d9930797da087dd58724d6c8e90ac2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34bb306b3f95e91956508cc278a341c0b8d9930797da087dd58724d6c8e90ac2
SHA3-384 hash: 95bf6747c75ad0c77a05406d10524662aa72286e7dbd69b5cd91740b392906e2462068b0dfa1aadf11ad6f191fb02fde
SHA1 hash: bdabc9a39a83e3334b4a9f6450a06f4c458b377f
MD5 hash: 433ee996a914d01529b5e48956ef1ddc
humanhash: missouri-batman-sodium-floor
File name:PAYMENT SLIP. pdf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:114'176 bytes
First seen:2023-06-15 21:09:09 UTC
Last seen:2023-06-19 07:42:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:DhCmUdgO3NqQV3CMtBWpUuHweJGt69VhJbhSLerIGbivSvl:DhFAV3jipvrctEHE2
Threatray 8 similar samples on MalwareBazaar
TLSH T176B328237368877AC89F427B241002404777B3BAE359C3969EDBBCDB32B5774A2511A7
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
352
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PAYMENT SLIP. pdf.exe
Verdict:
Malicious activity
Analysis date:
2023-06-15 21:11:02 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4499be59-9140-4306-b044-d2e6d12c46b7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/399328/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67528803.18451.14324.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a file
Sending a custom TCP request
Sending an HTTP GET request to an infection source
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/648b7e2cfad28f3c32b65bc0/reports/afb0810a-6449-4c64-87f9-b51ae3dd90f2/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/34bb306b3f95e91956508cc278a341c0b8d9930797da087dd58724d6c8e90ac2
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b7425225-e484-4d00-8d06-773e0ffca28a
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1255643
Signature
.NET source code references suspicious native API functions
Antivirus detection for URL or domain
Found malware configuration
Initial sample is a PE file and has a suspicious name
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sample has a suspicious name (potential lure to open the executable)
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/34bb306b3f95e91956508cc278a341c0b8d9930797da087dd58724d6c8e90ac2/
Threat name:
ByteCode-MSIL.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2023-06-14 22:17:13 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
14 of 36 (38.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gs5ta2z7sxursvsqrtbhri2byc4nteyhs7naq7ovq4snnshjblba._file
Verdict:
malicious
Similar samples:
06dc6394565b70ac8efd2cc98225cf3ec9b5f7711e036189b186340c591e4f67
AgentTesla
0a0c50dbc5d0c9811bfd0552ddd075e0e1df2cf07049cc546e41f9bf08cb8290
AgentTesla
28332d3e7e3ec9047ce5a3d3304764345680189e9def1eb54565d7c952bc9bc3
AgentTesla
4d9e0a28423515a1574837873cc75c3c495daebf2247e5353f9028d97ccf3fb6
AgentTesla
670bc9a86f72af2ab43a89c576a4e1874ce188b35a1f5656ea27f4b7ac3d5f09
AgentTesla
752cd9b98abfd8737d90c300de0ffb7c471a0b94a8a6f870931a7d69ac424281
AgentTesla
ac8608bc5b4c0f07e986efa1965ea77825ef430b4c7699e569a43877aeebc6a5
AgentTesla
e217b089f11e6c38b12c658b52f2d215d8546ce2b61d999235e5f75e3c87fcd3
AgentTesla
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230615-zz17qsbc4w/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
34bb306b3f95e91956508cc278a341c0b8d9930797da087dd58724d6c8e90ac2
MD5 hash:
433ee996a914d01529b5e48956ef1ddc
SHA1 hash:
bdabc9a39a83e3334b4a9f6450a06f4c458b377f
Link:
https://www.unpac.me/results/a3f0c132-c772-404d-99fa-ae3b405c7fb1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/34bb306b3f95e91956508cc278a341c0b8d9930797da087dd58724d6c8e90ac2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/399328/

Comments