MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3da8fa82f62835bcf35377d5376e002aeccff9228bd65650bbb95a6a222808af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3da8fa82f62835bcf35377d5376e002aeccff9228bd65650bbb95a6a222808af
SHA3-384 hash: 4478be0f408ac8591d7dc12e734ca73781ee6499dc4ab2a510ab08dcbaca256ea6ee2a3893a6b562e74714edbb511d24
SHA1 hash: 065fbdf5b64cc5c9cf4f983f229a89d7252f62a6
MD5 hash: db7c5591589c1bc7be457ad87d8fff0e
humanhash: robert-kilo-oklahoma-november
File name:new po.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:3'922'432 bytes
First seen:2021-01-18 09:02:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 98304:3PELkvj90DTbsa8k6JCHQIawxqi8cOewYgKQbHJYuGL:bWDTbsa8k6sMwxLrOnYgKQbpM
Threatray 19 similar samples on MalwareBazaar
TLSH D406238075FA4358FAF59BF812325104D7B57E6E6ABEE16E5C8460DE0A72F4048D2F23
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: Echo <paulcorp@cyber.net.pk>
Reply-To: importmegapoint@yahoo.com
Subject: New Order Product
Attachment: new po.rar (contains "new po.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
new po.exe
Verdict:
Suspicious activity
Analysis date:
2021-01-18 09:17:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f966aafb-91dd-4c05-9daa-1bc43e1d0840

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112504/
Detection(s):
SecuriteInfo.com.Trojan.Siggen11.57608.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/583686
Signature
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3da8fa82f62835bcf35377d5376e002aeccff9228bd65650bbb95a6a222808af/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 01:12:49 UTC
AV detection:
10 of 45 (22.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hwupvaxwfa23z42to7kto3qaflwm76jcrplfmuf3xfnguiribcxq._file
Verdict:
unknown
Similar samples:
371f46d6159d5fcba2d1531a470938fcd195840aeaf1147ec894407a7387431d
AgentTesla
4f3d500dc26e8a87fe7361064a50b7715731c378ec019e4643986f1e5c524cee
AgentTesla
7c2f0c42ed478e241d2fdb2580915342c5dbd50acc3fafa26908ae73a581eb3f
AgentTesla
ae628fd84f2ba783d82aa6e8804e7c41341671758e04ebc236f76ef7c7bee129
AgentTesla
d68a5a2bf92f0f08b8eb6f39351462f81d65d54085c1c7ae3aa81b2d3018434e
AgentTesla
d7105dfaf2690af5ecb82d31c891c8b6e36af889ddf4c10af513f4d0efd2d073
AgentTesla
d8b589a43f9499ffec0bc949540579b25a1c333d6e0531c7f40336e720e04a6b
AgentTesla
e582696b2f3c980a6d81be401fc5da4c24a4b0c490ff6764516a0aa3e3aae23b
AgentTesla
f40a960ed96e9a20965c184a7f798a5c2510f5673fde3b2274e4ea7ab463a324
AgentTesla
f6c28a76b12ddb94037c6cac0426ba87fb3201634731b901f66aecc15d5a98be
AgentTesla
+ 9 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/210118-hz6381npge/
Behaviour
Suspicious use of WriteProcessMemory
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Checks whether UAC is enabled
UAC bypass
Unpacked files
SH256 hash:
3978a92ed0d71c04edd0d62ec81282d0c248ced53a34ebbf0ed4e342865bbef3
MD5 hash:
4f2be2bd25def346a00c22476ade5b9a
SHA1 hash:
ef509c7a2e9fb0974fd7610c121e451464539641
Detections:
win_agent_tesla_w1
Create hunting rule
Link:
https://www.unpac.me/results/7e53ecfd-36f4-4951-876e-c9606f455a23/
SH256 hash:
64a419709ad219ffc006bda776b650da486d55048d2fa34525f40227da0e5c86
MD5 hash:
88c0ec8398978fa2e4240f02765086ad
SHA1 hash:
5a5c4935b2d70e890c89ad9332365f4f4aa86f3c
Link:
https://www.unpac.me/results/7e53ecfd-36f4-4951-876e-c9606f455a23/
SH256 hash:
d2683be0fdb3a0cce80cc2fb92cc38385dc0dac474528d1c2c336e4337b7acc9
MD5 hash:
3dacf30921e116844a0f9e8e39739878
SHA1 hash:
3ec1a4e17818686fe6ff75b37d71be02ad46ba2b
Link:
https://www.unpac.me/results/7e53ecfd-36f4-4951-876e-c9606f455a23/
SH256 hash:
bf88a91ca862c0be0f07d8c60ebacfd6add106b8fac604dde534fb9dac23c03f
MD5 hash:
721cda17d1b978aeb9680bcc84eab5a4
SHA1 hash:
a44befa50d9545c6707aeb457647206778ee0a35
Link:
https://www.unpac.me/results/7e53ecfd-36f4-4951-876e-c9606f455a23/
SH256 hash:
3da8fa82f62835bcf35377d5376e002aeccff9228bd65650bbb95a6a222808af
MD5 hash:
db7c5591589c1bc7be457ad87d8fff0e
SHA1 hash:
065fbdf5b64cc5c9cf4f983f229a89d7252f62a6
Link:
https://www.unpac.me/results/7e53ecfd-36f4-4951-876e-c9606f455a23/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3da8fa82f62835bcf35377d5376e002aeccff9228bd65650bbb95a6a222808af

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 8af036d36db87bae3f3035be0b58a7823f70beb174ed69add02e210ad77348d4

AgentTesla

Executable exe 3da8fa82f62835bcf35377d5376e002aeccff9228bd65650bbb95a6a222808af

(this sample)

  
Dropped by
MD5 aad1e9e3d7c35dc24f199cb00635a015
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/112504/
  
Dropped by
SHA256 8af036d36db87bae3f3035be0b58a7823f70beb174ed69add02e210ad77348d4

Comments