MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38841cf99acbad325533235562fb6502b995a2a32e43315cf0c9ed3f6f394590. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38841cf99acbad325533235562fb6502b995a2a32e43315cf0c9ed3f6f394590
SHA3-384 hash: 1c8df20ecde9ea1712a349e23b9360a99f9a43c03f0885589cbef147aa14b37ebe2beb26f884492ce1c03a04091953fb
SHA1 hash: 09b780ab85393fe330df58a6dcf5edbe08575ba7
MD5 hash: 6cd6dc7c4f4bddf5c58330e307a777ee
humanhash: nebraska-video-crazy-item
File name:order 45003814781830171.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:565'760 bytes
First seen:2022-11-16 07:36:29 UTC
Last seen:2022-11-16 09:53:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:p0jjg9mvijwBatxkhxvCiRt3tYJ8yl4scHfI8iX5:IjTvow4txkrv5RBtO8ymH7ip
Threatray 591 similar samples on MalwareBazaar
TLSH T1EAC4029030BD7A91E51167BE71AF23D97BA3213CB85EEEC94C0511F345B4B822E81F66
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Reporter lowmal3
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
174
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
order 45003814781830171.exe
Verdict:
No threats detected
Analysis date:
2022-11-16 07:38:12 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7642f9c7-96bd-443c-9288-2e52002be1e4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/334681/
Detection(s):
SecuriteInfo.com.Variant.Tedy.239376.19322.29953.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6374931ff75d59fef0b988e3/reports/b4af4791-2dbd-4d16-9a3c-97ad120b7e2a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/7cdf638b-30c4-4d1b-bff7-22b04f8ef321
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1114596
Signature
Creates autostart registry keys with suspicious names
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/38841cf99acbad325533235562fb6502b995a2a32e43315cf0c9ed3f6f394590/
Threat name:
ByteCode-MSIL.Trojan.Heracles
Create hunting rule
Status:
Malicious
First seen:
2022-11-16 00:52:38 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
4
AV detection:
18 of 39 (46.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hccbz6m2zowtevjtenkwf63fak4zlivdfzbtcxhqzhwt63zziwia._file
Verdict:
malicious
Similar samples:
2c735406da96a49a4d79b1cfca607013dff88e49c5d1526e5a04f4a32111d785
AgentTesla
3c181fbe5ba30cd988fe7ec49ceecb2962627f309613f63d674405127ba67f11
AgentTesla
43e7901e0f50ea1ad4a609f04769dd0a3384443f685090e370e1d728595fc85f
AgentTesla
7265ba924abcc035e8263873f5ed19842a0ad724b408fb816e7c1b64768b0cf0
AgentTesla
a7dc1d7849adc86bc322f33ae8316be94e572df4442da18826330c2bdc124152
AgentTesla
c6070d16218077441b9faa6ed769b764e27d7a506c2eea9ee98527d88f2c8eae
AgentTesla
db9bb4ecdc01a72d728f9fc7e522848ba7afe64bfa27516f0505a179db2f7345
AgentTesla
f0c54f3f1717c1039dacdf7c4b63200d6f027e5a622c6eb65636d2089aa4b1c0
AgentTesla
fed3b772542834aba36e33587e360877e9b76c186a937e39454119c757014763
AgentTesla
+ 581 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/221116-jfs41sde9y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run key to start application
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/3920a10f-0c53-4745-88fd-365198341ec0
Unpacked files
SH256 hash:
38841cf99acbad325533235562fb6502b995a2a32e43315cf0c9ed3f6f394590
MD5 hash:
6cd6dc7c4f4bddf5c58330e307a777ee
SHA1 hash:
09b780ab85393fe330df58a6dcf5edbe08575ba7
Link:
https://www.unpac.me/results/be0498a9-f83c-4379-87e9-e42d6043935e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/38841cf99acbad325533235562fb6502b995a2a32e43315cf0c9ed3f6f394590

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 38841cf99acbad325533235562fb6502b995a2a32e43315cf0c9ed3f6f394590

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/334681/

Comments