MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4107ae832e2a94dd12c11823472aba013b3d016efbc357526152a2e0d2d3ca88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	4107ae832e2a94dd12c11823472aba013b3d016efbc357526152a2e0d2d3ca88
SHA3-384 hash:	6577aafb905005430126d5f0af26b6e8de80df28cc7c153c4de74b8095767942c3d89bba7f83ad148306b4772a1e75d4
SHA1 hash:	74778c0407b45132e002d45ff788b73ce3249666
MD5 hash:	c6ce81ab4bf22ca3f2fee3b0bf70af93
humanhash:	chicken-emma-glucose-delta
File name:	Payment Slip.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	613'376 bytes
First seen:	2020-10-07 13:59:54 UTC
Last seen:	2020-10-08 12:03:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:YPJIie6g+iRSlGP5MGMfROycKwgtybxSikRpvHinbrgkYYJ:6te6q7hMGMofLXtSpRVCbrAw
Threatray	374 similar samples on MalwareBazaar
TLSH	69D4DFBB658C071BC06C107D421498490EFEF4469EB6FE39EEFA70A532D26C95EC34A5
Reporter	cocaman
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

113

Origin country :

n/a

Vendor Threat Intelligence

Detection:

AgentTeslaV3

Link:

https://www.capesandbox.com/analysis/68966/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Unauthorized injection to a recently created process

Creating a file

Launching a process

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/484256

Signature

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AgentTesla

Yara detected AntiVM_3

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4107ae832e2a94dd12c11823472aba013b3d016efbc357526152a2e0d2d3ca88/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-10-07 13:57:20 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ied25azofkkn2ewbdaruokv2ae5t2alo7pbvoutbkkrobuwtzkea._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

5b48475bbc32e2dbd6ebfb746071c6192e57dfdfcfc0cfb1ae9f381663728537

AgentTesla

60db9d2df465b5bfcf2d1c0a71559c57c561d0746a0f3fd7f4e8b9203871cfb8

AgentTesla

818343ec8323d98752f067ddc9c04d0f2bddcb4e4d14137b6c16ee01a8fae41e

AgentTesla

8600c1896f8c6835a9a5c44631ac45b319c0cc9b2e0a50a72bb37436a84ea96a

AgentTesla

a20e29b157ca333fd7f6503315be7f41df98bf15172c0a8f6cab83451945effe

AgentTesla

a98127f9a0d540a5aa091013a1134d8a8434e50b7f8e8b959ddaac0f45feac04

AgentTesla

c39ac13cc69cadcb6badd8700e1a667274b9cd9eaa102db3f506bbf35372a29c

AgentTesla

eed860fb0b48051582b2f34f20bc47f0fa5cd2273d20df99d339d1058e79113f

AgentTesla

f00571fb0c082a4a7d66d08af1628b4be7515a74e153adee51db8136ed5918ce

AgentTesla

+ 364 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://tria.ge/reports/201007-dpwtlqbab6/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetThreadContext

ServiceHost packer

Unpacked files

SH256 hash:

4107ae832e2a94dd12c11823472aba013b3d016efbc357526152a2e0d2d3ca88

MD5 hash:

c6ce81ab4bf22ca3f2fee3b0bf70af93

SHA1 hash:

74778c0407b45132e002d45ff788b73ce3249666

Link:

https://www.unpac.me/results/9568f264-f27c-48ce-9a0a-0c5c17388124/

SH256 hash:

13b24d3a09d099dabe41cd6cd71607a77e14640b1e9b4ed2d60f6c012f191c43

MD5 hash:

109cedae3c384a1913107f1efad2b7c8

SHA1 hash:

1f7f35b0ed85fa12bb839cbce698e59a30813420

Link:

https://www.unpac.me/results/9568f264-f27c-48ce-9a0a-0c5c17388124/

SH256 hash:

bddcc47821572e3aada50f9970a2470c137a8514fcb51cf084cbc2c48caac921

MD5 hash:

329e68ca8d484c4e469258c45f759487

SHA1 hash:

b889bb525b379e355ceef2781fc63280f38a5bd2

Link:

https://www.unpac.me/results/9568f264-f27c-48ce-9a0a-0c5c17388124/

SH256 hash:

603446488a5377b2aaddbb7c173862f8686e57c18fc73f84b668f77fbb253647

MD5 hash:

dc6830d9d749846bd8852736abefdc91

SHA1 hash:

edc2475701c64e4f50bf1c4fa6ece9d22bbd5b7f

Link:

https://www.unpac.me/results/9568f264-f27c-48ce-9a0a-0c5c17388124/

SH256 hash:

ec92d2c8000367c02ee06223808e78f9d0919109ce7dc2f9f46cc44554cc0377

MD5 hash:

d92571823ffe70e5425e03638a5161c9

SHA1 hash:

f7fb5de726e4e3e862969516cf11487b79f3ee6e

Link:

https://www.unpac.me/results/9568f264-f27c-48ce-9a0a-0c5c17388124/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4107ae832e2a94dd12c11823472aba013b3d016efbc357526152a2e0d2d3ca88

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj f07d3110d9ff1ea3b40d386da22aef75fecf1d70b41573ed099a3edac0d21326

AgentTesla

exe 4107ae832e2a94dd12c11823472aba013b3d016efbc357526152a2e0d2d3ca88

(this sample)

Delivery method

Other

Dropped by

SHA256 f07d3110d9ff1ea3b40d386da22aef75fecf1d70b41573ed099a3edac0d21326

Cape

https://www.capesandbox.com/analysis/68966/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample