MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b6e7577234309f9e6a02cdae8f7a77d542089c2a6efec1e08a478212038ab87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b6e7577234309f9e6a02cdae8f7a77d542089c2a6efec1e08a478212038ab87
SHA3-384 hash: c240c10462ec188ca48306feaff2c44a9e4b70ac3d44b8d6b8da8a67b29061e7443d4fa8b497897897641cb73adde3e7
SHA1 hash: 81b8d22729792ab7b063073bf975d918f31b50b9
MD5 hash: db0e1cb416363c569b4d2db7fa179ac3
humanhash: quiet-lake-mars-september
File name:RQF_001.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:878'592 bytes
First seen:2021-05-03 14:05:51 UTC
Last seen:2021-05-03 15:01:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:/oLAhZLaQoKifowky19TbJzeDzVakzEzY:lJazKidt19TbB2zV4E
Threatray 4'412 similar samples on MalwareBazaar
TLSH FB155ABC725464E6D3570D7263CF4C0383652270A92AEA4E5F6013BE5A57F232F3698B
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/148557/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Launching a process
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/708037
Signature
Antivirus / Scanner detection for submitted sample
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/4b6e7577234309f9e6a02cdae8f7a77d542089c2a6efec1e08a478212038ab87/
Threat name:
ByteCode-MSIL.Infostealer.DarkStealer
Create hunting rule
Status:
Malicious
First seen:
2021-05-03 14:06:12 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jnxhk5zdime7tzvaftnor55hpvkcbcocu3x6yhqiur4ccibyvodq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0dc0f8dca48090c22d53e8b76e32094fa65a5e994c01507a987dd9b572c10844
AgentTesla
225292deee765b9ce907a03a47645c52201a14dfb962345096fd30385fc63eae
AgentTesla
26dad1e44b5d06bcee5cddb288e3cd623da7bfd1d44a68661e27796f32e3de70
AgentTesla
2b4d627a6ac8c7eeca73863e772ca981672d29498629d0b86e1ef978a6ab2859
AgentTesla
2d03d586cd5f7c3a9cdda77d45f78124acfef0879489a78081b6885eb75dcd2d
AgentTesla
36c42944400bdcde3e3406f10e44f934f7ff7eefb0d4c81ebb44a1fa8ee560de
AgentTesla
3a5c30055449247f22c553ec85ef739642e65e1046dac93d9ead539e2fc4fd07
AgentTesla
3ee7aa3a891ec3cdb3d03240d19ec0495e9439bebaaf271ed753a08dc9dfe078
AgentTesla
73919b4d792a4fc63ec3121edd6b41cfba0a266db32fac1f76132758c549b8e0
AgentTesla
b9b2c05c193a6df71266380c102c635199a45263722c6395a0b03de819a01ee1
AgentTesla
+ 4'402 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210503-1mp8r9e7mn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
2df82d80d58898d9d5a37d48e6f5e5f18ada5d54d648e8240da3b4b3f0094116
MD5 hash:
4fbbca03510e408c7a45794e6d8fe478
SHA1 hash:
fe4614c8490f43d85ee5636ca0ca8bd7da2ebd61
Link:
https://www.unpac.me/results/4d380378-d343-4339-a9d3-ce043d2856e3/
SH256 hash:
74b2935b9dfe4ba397fd0507ae3c36abb77193041f2e7c43c55dc4e7b33de61c
MD5 hash:
b5c218f30fecc9cb8513ff6a46737b01
SHA1 hash:
f0416867c2b114789620b318051f1fa390b07eae
Link:
https://www.unpac.me/results/4d380378-d343-4339-a9d3-ce043d2856e3/
SH256 hash:
f0fb6027cfca7fe2c65e6cbd6a9a581418dfbe40ec477668a61a822a35b95f6d
MD5 hash:
13af30c2ea31473e1660c4c9f773efb3
SHA1 hash:
c63fb417a96f9939d5d6d480d403e6f2ac71cd48
Link:
https://www.unpac.me/results/4d380378-d343-4339-a9d3-ce043d2856e3/
SH256 hash:
4b6e7577234309f9e6a02cdae8f7a77d542089c2a6efec1e08a478212038ab87
MD5 hash:
db0e1cb416363c569b4d2db7fa179ac3
SHA1 hash:
81b8d22729792ab7b063073bf975d918f31b50b9
Link:
https://www.unpac.me/results/4d380378-d343-4339-a9d3-ce043d2856e3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4b6e7577234309f9e6a02cdae8f7a77d542089c2a6efec1e08a478212038ab87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 4b6e7577234309f9e6a02cdae8f7a77d542089c2a6efec1e08a478212038ab87

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/148557/

Comments