MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b48fd0bcca8dcd0c1f291a8ecfc7872c909cb86cec59b431b3b2665a6db6498. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA 3 File information Comments

SHA256 hash:	3b48fd0bcca8dcd0c1f291a8ecfc7872c909cb86cec59b431b3b2665a6db6498
SHA3-384 hash:	78dcb95608929f8d088ceef493d70c739b18b91663fde259021328d5385c987265058a8479c87127c0706dcf5bcf8b30
SHA1 hash:	7833cc79f50b0bd8736f6229232692bbac5e3ee2
MD5 hash:	496ac95c078002e2c194a57d71edbf01
humanhash:	victor-bacon-hot-twelve
File name:	LPG.txt
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	225'280 bytes
First seen:	2023-10-04 06:35:36 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	3072:YD0Y9X9857hrdWvXjXQefuT0ilWNSNfVE6Hs0bfq09wViNFjvCou/c:m89hUXQGuT0ilWNSZS6MAnwyjaou/c
TLSH	T10E244C71829BDF9F2D230D45F91C2966EC1DA4AFBA8142E8FDC146C442E561CCFA89F4
Reporter	lowmal3
Tags:	js

Intelligence

File Origin

# of uploads :

# of downloads :

336

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Packed2.43192.7332.17622.UNOFFICIAL

Gathering data

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/3b48fd0bcca8dcd0c1f291a8ecfc7872c909cb86cec59b431b3b2665a6db6498

Result

Verdict:

MALICIOUS

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1319245

Signature

Multi AV Scanner detection for submitted file

Uses an obfuscated file name to hide its real file extension (double extension)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3b48fd0bcca8dcd0c1f291a8ecfc7872c909cb86cec59b431b3b2665a6db6498/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2023-09-28 15:46:20 UTC

File Type:

Text

AV detection:

6 of 38 (15.79%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hnep2c6mvdonbqpssguoz7dyoleqts4gz3czwqy3hmtgljw3msma._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/231004-hrg1fsbf36/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3b48fd0bcca8dcd0c1f291a8ecfc7872c909cb86cec59b431b3b2665a6db6498

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address

Rule name:	SUSP_Reversed_Base64_Encoded_EXE Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects an base64 encoded executable with reversed characters
Reference:	Internal Research

Rule name:	SUSP_Reversed_Base64_Encoded_EXE_RID3291 Create hunting rule
Author:	Florian Roth
Description:	Detects an base64 encoded executable with reversed characters
Reference:	Internal Research