MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39fa3ec8e2770a06731fc2b163d5a1cea9d1b3a8ca0212bb6426e387b42faf6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 16


Intelligence 16 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39fa3ec8e2770a06731fc2b163d5a1cea9d1b3a8ca0212bb6426e387b42faf6b
SHA3-384 hash: 97a24451a969a454e7ad520b1f464ffa57ced71d7cb30c540ac2544b20a6133451227806060cb4e1677025a411f9e6d1
SHA1 hash: 035018d65039736122bda405f7471a75ed7c2181
MD5 hash: dadab50a96b2626e90502b87141f5924
humanhash: paris-single-alanine-lima
File name:Fiyat 10243975 forKARDAG A.S scan%001%.docx.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:961'536 bytes
First seen:2023-07-27 06:55:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'611 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:2fgET7hqYiIoFwIrG3XCCaEHsbHIyXsLH1/Lc2ALgjdbRBPf/q/Dq7KqRhiwKp3e:YxxqHIcTrGCSJyXspWgjt/Hqbzj9fl
Threatray 5'320 similar samples on MalwareBazaar
TLSH T16D15E01176D99BD7D1BA03F48C61B67803BAAD4A6431DF491DC270DA6936B8007B3E2F
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):PE icon
dhash icon caaeaea6b682968a (2 x AgentTesla)
Reporter abuse_ch
Tags:AgentTesla exe geo TUR

Intelligence

File Origin
# of uploads :
1
# of downloads :
260
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
agenttesla
Create hunting rule
ID:
1
File name:
0a8bc84a-1455-4d9d-8312-d2de0950e32e
Verdict:
Malicious activity
Analysis date:
2023-07-27 07:04:29 UTC
Tags:
stealer agenttesla
Link:
https://app.any.run/tasks/44b8cdcf-1ad9-469c-8625-1ce120320374

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTesla
Create hunting rule
Link:
https://www.capesandbox.com/analysis/434676/
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.102176.31904.26886.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Malicious
Threat level:
  10/10
Confidence:
80%
Tags:
masquerade packed strictor
Link:
https://www.filescan.io/uploads/64c21504d6da59d001ad68e0/reports/0770cb7f-ea27-49c6-8cb2-d538ebd19206/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/39fa3ec8e2770a06731fc2b163d5a1cea9d1b3a8ca0212bb6426e387b42faf6b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f42cbd0b-ce8c-4786-9b9e-d1a617358dc4
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1280894
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/39fa3ec8e2770a06731fc2b163d5a1cea9d1b3a8ca0212bb6426e387b42faf6b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-07-25 09:54:22 UTC
File Type:
PE (.Net Exe)
Extracted files:
55
AV detection:
27 of 38 (71.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hh5d5shco4fam4y7ykywhvnbz2u5dm5izibbfo3ee3rypnbpv5vq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
128b4d5b46b29d5a788f28a9059f7ad139afea6a686eed22acbf05e33ecab3f9
AgentTesla
545bbec8b0437ac615923ad6c91885555a239596aa3d531674acd2b05122b9f4
AgentTesla
8c95d61b603ae5254044c9bef1bcaddafbec1dfecdf7cded4bb9fa1c9f350e49
AgentTesla
9197cc85a9c5fc3d9463da236c1c96551a0e805bdfd2d3c133a479f9b2ae6d0a
AgentTesla
9e778ed10d6543b0b16f50bbb021181e2cd1d6e9ab230f28492eeb45838c3893
AgentTesla
a5ee311c1782356ae8fd1e5fc6f6a2cdde6dd79ebc5c80a02c36b3327ba3ac7d
AgentTesla
d6e2992496408bb580877ab61792394e03e4b5424dc77132b7609b2a0eadde3d
AgentTesla
d964a65d39458176447fdb930e03e6534c19dcc556abde4cb522fa2aeb8289e8
AgentTesla
+ 5'310 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230727-hqyxksba7x/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
d569089e61fe2c32bb07d9291241760633b54313231f3e966479e8840b87fc3d
MD5 hash:
4c164276dabbb33394d9410745af7c0d
SHA1 hash:
fc0adee60d2c012b7e3ee47ea343bf0713b6065c
Link:
https://www.unpac.me/results/6a120b57-e62b-4431-a812-d41ada2c8f84/
SH256 hash:
53f2ad060cf771aa4f197df5789cee95959480c244a0b392bb450c8ce7311d77
MD5 hash:
37e82d3e2864e27b34f5fbacaea759c3
SHA1 hash:
a87024a466e052bff09a170bb8c6f374f6c84c32
Link:
https://www.unpac.me/results/6a120b57-e62b-4431-a812-d41ada2c8f84/
SH256 hash:
06238c620be8606c8cd7cd61ba937e405b8d45ecf937a7e659fc552406b6fcec
MD5 hash:
a075714ffe3b806a8ceafeba39c9bddd
SHA1 hash:
91499f2ccedb5a6af6f7ce48af3801113246d880
Link:
https://www.unpac.me/results/6a120b57-e62b-4431-a812-d41ada2c8f84/
SH256 hash:
b5335829b6048d5e6da5f603b3b7043f88ea1ff8bada80d931e03ad210d04692
MD5 hash:
a0b2940dd34181006ae4d85162bb1da4
SHA1 hash:
06a806e5bd6c8568c25c5c96fc6e32f437a8857d
Detections:
AgentTeslaXorStringsNet
Create hunting rule
Link:
https://www.unpac.me/results/6a120b57-e62b-4431-a812-d41ada2c8f84/
Parent samples :
39fa3ec8e2770a06731fc2b163d5a1cea9d1b3a8ca0212bb6426e387b42faf6b
08945f9a3a4f95a556e3ffef86bb051b11b67171063d04f73dfb8517fc935cff
a9b35ab8cf9148b07865c2c0c092ee8302d237bcd70b6a4f95e8f58d0682635e
eedee48614c7092e1e1bfbf5c5e4ec7199057d5228037b76df889ede68f27f46
SH256 hash:
39fa3ec8e2770a06731fc2b163d5a1cea9d1b3a8ca0212bb6426e387b42faf6b
MD5 hash:
dadab50a96b2626e90502b87141f5924
SHA1 hash:
035018d65039736122bda405f7471a75ed7c2181
Link:
https://www.unpac.me/results/6a120b57-e62b-4431-a812-d41ada2c8f84/
Malware family:
AgentTesla
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/39fa3ec8e277/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 39fa3ec8e2770a06731fc2b163d5a1cea9d1b3a8ca0212bb6426e387b42faf6b

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/434676/

Comments