MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43a0c2443d1a63d4cc498bae9d459590b37379d5dd57a625545fa484a99d3fb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 43a0c2443d1a63d4cc498bae9d459590b37379d5dd57a625545fa484a99d3fb6
SHA3-384 hash: 818fef0f002cc5ceb262080def7827d486a572b4b3237b0dfb65db1d9a99df6d57630f4a931d004c27f24ade2b563eab
SHA1 hash: e0141b4de9e20d4c01551bab83f13d73232e689d
MD5 hash: 51db61341f46006fdddaf0130bd1a17d
humanhash: william-louisiana-ink-music
File name:43a0c2443d1a63d4cc498bae9d459590b37379d5dd57a625545fa484a99d3fb6
Download: download sample
Signature AgentTesla
Create hunting rule
File size:282'112 bytes
First seen:2020-06-17 08:43:54 UTC
Last seen:2020-06-25 10:45:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 720f62ecaae027b5c3ec6686644322e9 (12 x njrat, 8 x RevengeRAT, 4 x AgentTesla)
ssdeep 6144:m/C2F8NXC796TB9vj480Zwz4HJIgTg3NpVMS9BjB/b9oxt:m9eVQkTrvj4hWHdpSM9oxt
Threatray 120 similar samples on MalwareBazaar
TLSH 5454DF107580C2B7C03A1535C5E6CAF546353C36E76A94DBBB983FAA3D312D06A352CE
Reporter JAMESWT_WT
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19181/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2013-10-05 19:16:00 UTC
File Type:
PE (Exe)
Extracted files:
19
AV detection:
37 of 48 (77.08%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
227c57f9aef1faa70cb8a19507b4ee5e99e6dd6d2925cb816cc25b839e8dd186
AgentTesla
310357fce084be8373ed754c4a6ea2fb426d90aac3d1fb1fffae16b63051b9c4
AgentTesla
46ea1705549840fd45e067930511c81a0b8979698f98e4b170b9a93b27a6ed0a
AgentTesla
5b9606df9f32aacda9751a16586a4535a8d0e8ad57c205d73c37cf436001153c
AgentTesla
9da1f861a98dac43d6b98bc89ab8a8df5209e7f708bca7547ed76716d800e27d
AgentTesla
a9e51c077a3cb18a4fbb72e9a01bdbbeac7f78da7eb0462a6c191f5956ae83a1
AgentTesla
b8fbf85d1eab97ed168f99eb07d13294594675a051c2056b5374630d81fd974d
AgentTesla
d237bfb6873a7430aa8c8b7c3a44d20a6234a3862a7135c92f202f315c8eb86d
AgentTesla
d873f30f48805a3dbab8c976665c26fc9c661e23f3b82f143fdd7346268b595a
AgentTesla
e9f0d843d20ec7dbba3f8e8e4a412d369d997b384a10762ccf02544738a39358
AgentTesla
+ 110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence evasion
Link:
https://tria.ge/reports/200624-9zffemvg8a/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies service
Adds Run entry to start application
Drops startup file
Loads dropped DLL
Modifies Windows Firewall
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_blackremote_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19181/

Comments