MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f7d3446957afc469344d6f8fad6c71911ccca32aec8f7eccc03f2778669a36f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	3f7d3446957afc469344d6f8fad6c71911ccca32aec8f7eccc03f2778669a36f
SHA3-384 hash:	dc756ad5b21441f64038ccde3daa27eaba55bbe87d6938d3639026450c9ccb1fdc8bd6b9bee58c3451cc30bda6e2e262
SHA1 hash:	20fa1ba6f1a2cc7e778e9c84e451eba6be374faf
MD5 hash:	6679b00ca7be6b88c193d9285226c1eb
humanhash:	ink-asparagus-hamper-jersey
File name:	SecuriteInfo.com.Trojan.GenericKD.34562197.5271.18000
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	351'744 bytes
First seen:	2020-09-22 11:22:54 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:vVfe2L03fez/ffVEqr9P5elq4KeQ7tfsWBjs7ikWRNhZWe48mL395Re9voZ3oRgN:vV2fez/fNPrR0q4KeQ7RxkGYvdd05Ez
Threatray	52 similar samples on MalwareBazaar
TLSH	1E74AE58365035CFC417CB7589A0DE34A6B6ADA6671BC303D0972AAFBF1DA86DF001E1
Reporter	SecuriteInfoCom
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

1

# of downloads :

94

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/64371/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.34562197.5271.18000.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Using the Windows Management Instrumentation requests

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/472289

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AgentTesla

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3f7d3446957afc469344d6f8fad6c71911ccca32aec8f7eccc03f2778669a36f/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-09-21 11:04:59 UTC

AV detection:

29 of 48 (60.42%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=h56tiruvpl6ene2e234pvvwhdei4zsrsv3epp3gmapzhpbtjunxq._file

Verdict:

malicious

Similar samples:

0d9409ad57ae998654661993b12a6434067419873eabc6ead3920ba0426290a8

1a6f810afe2bfeebadb01ab981ec29c7f0f8283570ab3a550f6a6cc4634384e2

205cd594827a0ed3b674ffb492157d3b99b7dab529ba8da44249b236558f67c4

215efb4d72a987d380f71ce2cea15cb73c3084253026a2c80efd7a3c83ae5f9f

66bb65619121b9636dd4c02d3573055922b22e0c55ea1ad093d4b2759bf8118e

69da44af465f16620592883dd3c8024fef0e6974f4994846d7a8d95c17350816

7672c98ec56f080b7a6a3649296931e601e262cdd9288b6f1448ea134108d7d2

bb1eb4be1508cbc21eb2408f05af4094d5d076187e40aca4ce719cec6c3e1b88

c75035a9d20e8c0c04f6054e270cf85588d4dc555000be1f25d3f70e6973a71f

c901b6665268a9f5eeaa9e29c8fe5b9fbacbdce09be63191fc137ce573898fe7

+ 42 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

spyware keylogger trojan stealer family:agenttesla

Link:

https://tria.ge/reports/200922-ke1zxm3hx6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Looks up external IP address via web service

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3f7d3446957afc469344d6f8fad6c71911ccca32aec8f7eccc03f2778669a36f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/64371/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample