MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5249e322b12bb4eac27d6358c19c5acfde591e04d061e94ac4df72db49dd8cd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6



SHA256 hash: 5249e322b12bb4eac27d6358c19c5acfde591e04d061e94ac4df72db49dd8cd6
SHA3-384 hash: d3e32e3aefe46cf639a0457270e994282baf2fbd9dfadcbdfad34c12571d6ff080ddb635c74d7ae16c72364f614cd5ab
SHA1 hash: 03c618f12b25c030aba1178e520501169f2e5496
MD5 hash: 9d6b1182fc2d6adce79a61127de11abd
humanhash: california-four-mobile-london
File name: c719afa8b52770e0661ae7bcf071b658
Signature: AgentTesla
File size: 623'104 bytes
First seen: 2020-11-17 15:34:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 09731745edb87bde64ef9361c2d2a14c (3 x MassLogger, 1 x RemcosRAT, 1 x AgentTesla)
ssdeep: 12288:vhVChcpexyUMyKT8D01d7X5hsibFFQpfId6gF5:vhVfahdKT/WibFFQpfIdrF5
Threatray: 1'336 similar samples on MalwareBazaar
TLSH: E3D47B1568F1DC32FCBCF9F4EA40A3562D2D6C3205A17B5ABBB7BEAA16B01F1111D160
Reporter: seifreed
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %temp% subdirectories
Creating a file
Running batch commands
Unauthorized injection to a recently created process
Creating a window
Launching a process
Using the Windows Management Instrumentation requests
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Infostealer.Stelega
Status: Malicious
First seen: 2020-11-17 15:37:32 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Unpacked files
SHA256 hash: 5249e322b12bb4eac27d6358c19c5acfde591e04d061e94ac4df72db49dd8cd6
MD5 hash: 9d6b1182fc2d6adce79a61127de11abd
SHA1 hash: 03c618f12b25c030aba1178e520501169f2e5496

SHA256 hash: 1840b827e2b3d8e295a0dad89a1725919135f877afec3a208dbb5fab6ae208ae
MD5 hash: e95e3483b22b4ce3812de0322c12d1f8
SHA1 hash: 1dd61d301cd93d32787b61eef3db8001b202ef87

SHA256 hash: 29c69f425c0d75dff469053f4f54a7324f0b24fbfd1993d78804a223cbd8144e
MD5 hash: 9780884de0e0fff96d8fe5386f60ba2b
SHA1 hash: 1f815f7121a7af2906fe0e4a354b56fe149dffc3

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE

Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments