MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 515476905d43c54f0c4912d6c1c3aa88a103acc59198cba315c145d28aad22de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 515476905d43c54f0c4912d6c1c3aa88a103acc59198cba315c145d28aad22de
SHA3-384 hash: 910cb62ea1257d04dd510af41e6f661a77f9342d328789ad6fb937a60c778ea743de228de093ccbd280eb5232e19f5eb
SHA1 hash: d73089285610ff807bab52b672d069f1e952c849
MD5 hash: c32b739919d81ffe883dd61494be372d
humanhash: lemon-october-oxygen-neptune
File name:DHL_01_18_2021_Shipment_Documents,PDF.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'208'832 bytes
First seen:2021-01-19 07:29:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:LSw1E+7Wp6dJx6o3Uc48/X2p/2KTIPaa4MmT4fY:LSp+7JdJxz48up/jT/PT4Q
Threatray 2'208 similar samples on MalwareBazaar
TLSH 7D459D1053DC9F20E7BC96F89810926067E9A546F254E37CFDBEA0C25F62DA449DFB80
Reporter abuse_ch
Tags:AgentTesla DHL exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
156
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DHL_01_18_2021_Shipment_Documents,PDF.exe
Verdict:
Suspicious activity
Analysis date:
2021-01-19 07:51:49 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/614c8e24-e12a-42d4-b782-d44ee6899355

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112781/
Result
Verdict:
Clean
Maliciousness:
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/584567
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
C2 URLs / IPs found in malware configuration
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/515476905d43c54f0c4912d6c1c3aa88a103acc59198cba315c145d28aad22de/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 08:16:15 UTC
AV detection:
5 of 46 (10.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kfkhnec5ipcu6dcjcllmdq5krcqqhlgfsgmmxiyvyfc5fcvnelpa._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0aa319b22736e50f9486096af97cf5d70a4b072116d52c2872708295732862a5
AgentTesla
0e770b4b1dff63afb16c1ca24f74e45905ab4e9baa1cd7ec48dada2deb252d8f
AgentTesla
1a6622548b70077312df3ffee6ffe24bcf6536f8ecf8c04bc05e54b69ba5509c
AgentTesla
2a411486f86d7a28869c33afc7efec53f718b0613f91b6a28a6d3343aeba8e63
AgentTesla
6b090efc032911140a9b027ae65b205eb4b6aef2ab0dec995e473470f6706240
AgentTesla
9972434ebdd96cf98cbc8849f08d6ca3120e5cf2553b3416bc0fccc5396c74b5
AgentTesla
99d0abe691cea3ff0e8462f7cca0649a52507a03387bda27e95a20bd72a6b37b
AgentTesla
ced74986e807f1b4dd969d4811e20b516b11b39d0d8681ebadf9123a6de30b7c
AgentTesla
de0f6d3156577dbace690119ed748be66c64e539402780878490839dd0b24234
AgentTesla
fd2a7682f371ab740d8691e13d1ab27f3919414019afd1b6ddf935394c59ba60
AgentTesla
+ 2'198 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210119-175gfaqq8x/
Unpacked files
SH256 hash:
1d6ecf546163882d34d4bb2b7afa3889506ca3036ed536c4ed972ed89bdf5035
MD5 hash:
fb169513679d349cb2a7e4121bacfd4a
SHA1 hash:
26619d7ce0a175b9fc4fbfd7f4b105050562924f
Link:
https://www.unpac.me/results/79337773-0287-4300-9f54-cfc8494c30c6/
SH256 hash:
515476905d43c54f0c4912d6c1c3aa88a103acc59198cba315c145d28aad22de
MD5 hash:
c32b739919d81ffe883dd61494be372d
SHA1 hash:
d73089285610ff807bab52b672d069f1e952c849
Link:
https://www.unpac.me/results/79337773-0287-4300-9f54-cfc8494c30c6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/515476905d43c54f0c4912d6c1c3aa88a103acc59198cba315c145d28aad22de

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 515476905d43c54f0c4912d6c1c3aa88a103acc59198cba315c145d28aad22de

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/112781/

Comments