MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42bc1181234539298bb24048458ee5e99328127408b491d94688c8e012d0b64c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 42bc1181234539298bb24048458ee5e99328127408b491d94688c8e012d0b64c
SHA3-384 hash: 22f9d3119e7e42ea90116bede2dce960e36128f2465cc2237ee0854c35f7205900344f3434a6c5c4fcdf29fd9512e5a3
SHA1 hash: be8677d82968a34c99531f8d4a1c6ded9d84d1e2
MD5 hash: add90f640f9cc88b99aff3c43a21b5e9
humanhash: blue-winner-cold-thirteen
File name:Order_Nq22MNBNQ.pif
Download: download sample
Signature AgentTesla
Create hunting rule
File size:991'232 bytes
First seen:2021-03-15 13:32:00 UTC
Last seen:2021-03-15 15:38:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:CAYOVs4iLOrztkchniF0a2W2sjv1Le30btlEx3/uNOehKENcsl3Rj3VKs3w19KFw:CAHWgniFBEsjv9eO5MENcs1J3Vr3Tsg
Threatray 325 similar samples on MalwareBazaar
TLSH 5B256B203EA69034E432DAB75BD661B76D6D6F263B01F4F93E7173C60633943A9C1229
Reporter TeamDreier
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Order_Nq22MNBNQ.pif
Verdict:
No threats detected
Analysis date:
2021-03-15 13:35:18 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8827c336-3e29-4220-992b-c4b02d4faf2b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.577.4662.6132.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9075417f-b036-4514-b2c9-771e44cccce3
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/639542
Signature
.NET source code contains very large strings
Found malware configuration
Initial sample is a PE file and has a suspicious name
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 368741 Sample: Order_Nq22MNBNQ.pif Startdate: 15/03/2021 Architecture: WINDOWS Score: 76 16 Found malware configuration 2->16 18 Yara detected AgentTesla 2->18 20 Yara detected AntiVM3 2->20 22 3 other signatures 2->22 6 Order_Nq22MNBNQ.exe 3 2->6         started        process3 process4 8 Order_Nq22MNBNQ.exe 6->8         started        10 Order_Nq22MNBNQ.exe 6->10         started        12 Order_Nq22MNBNQ.exe 6->12         started        14 2 other processes 6->14
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/42bc1181234539298bb24048458ee5e99328127408b491d94688c8e012d0b64c/
Threat name:
ByteCode-MSIL.Trojan.Witch
Create hunting rule
Status:
Malicious
First seen:
2021-03-15 10:18:19 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ik6bdajdiu4stc5sibeeldxf5gjsqetubc2jdwkgrdeoaewqwzga._file
Verdict:
unknown
Similar samples:
081bf032ec84c1504a1ec0d43302699c3de788ea5172dcd94a5fcdbb427ffb21
AgentTesla
1dc7babb988cab4431b991c50abbbe696175f0447dcb699c39874934ae43bc1c
AgentTesla
268f6ad0fa829df8641b4ca939eb591da6659e4824f998669c96fdf21284598e
AgentTesla
3ed517e03182938065c9a5d0c3e97bfc763d36e6b34b9d41472e08549a9a3108
AgentTesla
411e56b415d4c23a741958c3f1ada72b3e958c078d27c339678bb690b7a895c3
AgentTesla
5010873836e314d8616a46d51564dff26a2d35cf39a00f6981783cf9c486b215
AgentTesla
66168438bb33be163defbf153b4ae386cc4d87d4fa97bd06e66b76594c57c3e0
AgentTesla
723fc2a02ff16459dad6943d5f8de485253aec7d7fcc0f43cc095edef3876200
AgentTesla
cbda0cb5e73c569728dbc6898745de0e6d024bc2e7f7d3dfebf19caecda5d912
AgentTesla
f5ce9b9e842592913ed4e6e1dafe695eae938aa52d4e232ac5be3e52387db7c6
AgentTesla
+ 315 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210315-nvnhwdzdd2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
42bc1181234539298bb24048458ee5e99328127408b491d94688c8e012d0b64c
MD5 hash:
add90f640f9cc88b99aff3c43a21b5e9
SHA1 hash:
be8677d82968a34c99531f8d4a1c6ded9d84d1e2
Link:
https://www.unpac.me/results/8f2a03ae-6911-4473-a53f-2d90e6781892/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.49
Link:
https://yomi.yoroi.company/submissions/42bc1181234539298bb24048458ee5e99328127408b491d94688c8e012d0b64c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments