MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c325803ce0762bebcec3327635377a360e221480c99e1a95b708ed224b22cea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 18



SHA256 hash: 4c325803ce0762bebcec3327635377a360e221480c99e1a95b708ed224b22cea
SHA3-384 hash: 271a2a0b4e81b027e74b5079e5f0cf6f2f85764cc37eba585c4556a6431945de0a8bef8322638f07b1ef304af728490b
SHA1 hash: 32cae933ea9a1b5428440e4689a9f031f570bc19
MD5 hash: 4f73a49e2dfc3cdf59965cf33c6f6861
humanhash: december-nuts-early-coffee
File name: 4 - 60 ORDER.exe
Signature AgentTesla
File size: 807'936 bytes
First seen: 2024-11-07 23:58:16 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'739 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:rqFKq7QhEmbGqBk02rMUdQB0oaLT6u+yzFszJrPZF2i/mJqabVIhZeEqT2NoT:rq0q7fmNBf2IUdQilzyzNhoCqMFqD
Threatray 2'930 similar samples on MalwareBazaar
TLSH T1C705BED03B756B05DEA957B98429DDB183B52A68B001FBE659C83BD7398C3419E0CF83
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
dhash icon 0070300898b37090 (2 x VIPKeylogger, 2 x AgentTesla, 1 x RemcosRAT)
Reporter threatcat_ch
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads :
1
# of downloads :
454
Origin country :
CH
Vendor Threat Intelligence
Malware family:
agenttesla
ID:
1
File name:
4-60ORDER.rar
Verdict:
Malicious activity
Analysis date:
2024-11-07 15:01:50 UTC
Tags:
arch-exec stealer agenttesla exfiltration smtp

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
99.1%
Tags:
powershell lien
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Creating synchronization primitives
Creating a process with a hidden window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Using the Windows Management Instrumentation requests
Reading critical registry keys
DNS request
Connection attempt
Sending a custom TCP request
Stealing user critical data
Adding an exclusion to Microsoft Defender
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade packed packed packer_detected vbnet
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
AI detected suspicious sample
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Threat name:
Win32.Spyware.Negasteal
Status:
Malicious
First seen:
2024-11-07 00:50:22 UTC
File Type:
PE (.Net Exe)
Extracted files:
22
AV detection:
18 of 24 (75.00%)
Threat level:
  2/5
Result
Malware family:
agenttesla
Score:
  10/10
Tags:
family:agenttesla collection discovery execution keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
AgentTesla
Agenttesla family
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Unpacked files
SHA256 hash:
2df08e3fcc7d363c6c3d4836f420088903c2853f8a6243e2d035c40899aecf54
MD5 hash:
fe9b94bc0027a4cb1c82a55191159292
SHA1 hash:
f28fce2bbff4aef4fcafdbe538eb7d26f0b3f061
Detections:
AgentTeslaXorStringsNet MSIL_SUSP_OBFUSC_XorStringsNet INDICATOR_EXE_Packed_GEN01
Parent samples :
SHA256 hash:
77f40a5b957f9cd4ec858fda1e559372df8f7688cff656051c3e7668560ce0ff
MD5 hash:
606189fc0633b10674eda2b2ad7f3a6d
SHA1 hash:
e3caa412034fdbb749cba64bdabc3dac5de0ced4
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Parent samples :
SHA256 hash:
6cf7b899ed32c6ac2862b3792486df966651b59539013bfe460c946603510eb5
MD5 hash:
e6ca9d4a05e6e3f16949faeb1f7ab714
SHA1 hash:
253a9315624d36fd1ec28854febe16339d55878f
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24 SUSP_OBF_NET_Reactor_Indicators_Jan24
SHA256 hash:
4c325803ce0762bebcec3327635377a360e221480c99e1a95b708ed224b22cea
MD5 hash:
4f73a49e2dfc3cdf59965cf33c6f6861
SHA1 hash:
32cae933ea9a1b5428440e4689a9f031f570bc19
Malware family:
AgentTesla.v4
Verdict:
Malicious
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Author:malware-lu
Rule name:pe_imphash
Rule name:Skystars_Malware_Imphash
Author:Skystars LightDefender
Description:imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Executable exe 4c325803ce0762bebcec3327635377a360e221480c99e1a95b708ed224b22cea (this sample)
Delivery method: Distributed via e-mail attachment

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Comments