MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5306d6555e4acee83d6186f357027fe344ac6bee109e606814b59e34bc6a6af3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5306d6555e4acee83d6186f357027fe344ac6bee109e606814b59e34bc6a6af3
SHA3-384 hash: a31677df9a46490b73b465ed06679adef1e2aa93c7ba227973ebde947b9ba0d90604eb1e657c37b273e9599a05fdf2c0
SHA1 hash: dc9558d86b655d4972da340924d64e91fa40eb3e
MD5 hash: ba68ec96b7bf8dbf25bf140f93e0206b
humanhash: two-timing-venus-fillet
File name:QTY 98657 RFQ MANDATE 020521.0003YDK.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:754'688 bytes
First seen:2021-05-02 16:18:11 UTC
Last seen:2021-05-02 17:05:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:WSoLLoS60/K7yh0d5TfIuet7PO7JDyYBKe8elU90frMhaQ9R/PmkwIvo35wZFd:WSoLAdc727JNKw+90AhxR/c35w7
Threatray 4'358 similar samples on MalwareBazaar
TLSH 2BF47CFCB65465F0D3576D23A3CF1C0642251270A93BA90F8B6023BE5A67E173E3998D
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
151
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/147906/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Save.a.695.16604.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Creating a file
Using the Windows Management Instrumentation requests
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/706465
Signature
.NET source code contains very large array initializations
Found malware configuration
Injects a PE file into a foreign processes
Installs a global keyboard hook
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/5306d6555e4acee83d6186f357027fe344ac6bee109e606814b59e34bc6a6af3/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-02 12:47:00 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kmdnmvk6jlhoqplbq3zvoat74ncky27occpga2auwwpdjpdknlzq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
014b3137818fe9c6b66f870dfb5a2d59ea9e78ef414cb28dae5142e9eeb1736c
AgentTesla
08f9ff6bbe01d3fab54974c872fbdf2f8fa1fd1f32649c776f0626030169272c
AgentTesla
1c0b7ba671b8de1bedfeced32e83472fc688e5dc4fe729b368ffd76e70dbd60d
AgentTesla
2522ea700a97b838b02d221e7685c5d2bb6f6657141f54bbcc2d7838a0c4029d
AgentTesla
67377c6c2259974077c2b7476f77823862ed6d5c6ce95c579e101b3d0a81b71e
AgentTesla
6f175e5ca3aed259ec1288d9dbd2510bff46dd383f95c07d9495570699934445
AgentTesla
865be6910571e1334ef42b0396a44f76c45ad6048132da31f5599fe2dcfa2081
AgentTesla
9b49a9b7baa2dd6642fcc3c97976f6f1ddb0f8d6b4261ce4b32583c75a572e4e
AgentTesla
acef7155f56a1434770c602a92ebf4945474ad85e9382df19ff5d3ffee461423
AgentTesla
f04d5b287971f60d5f04b262f3714a790b7d7c9b591ab88faa1d1f5244792d09
AgentTesla
+ 4'348 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210502-tml4l58bys/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
74b2935b9dfe4ba397fd0507ae3c36abb77193041f2e7c43c55dc4e7b33de61c
MD5 hash:
b5c218f30fecc9cb8513ff6a46737b01
SHA1 hash:
f0416867c2b114789620b318051f1fa390b07eae
Link:
https://www.unpac.me/results/f4a0cef9-0f46-43c5-a6a0-0400c8c9373e/
SH256 hash:
d97da71ff33919cc7ba82c6ade49d61c241f2149b7b09cf0e31e2251eedee240
MD5 hash:
18fa9e08dde6914704f288b0655ed741
SHA1 hash:
995c4efe9720686149387e2b13a7362e181da325
Link:
https://www.unpac.me/results/f4a0cef9-0f46-43c5-a6a0-0400c8c9373e/
SH256 hash:
f30c95a75d00ab7b6e5c44761370d0d2bf144edea3a6d13a6e1f350501b056e9
MD5 hash:
ac7ae6df7dcaa11503d5e0013a7b1f4b
SHA1 hash:
01185223cb41100a7f7cc330f0c723831a147092
Link:
https://www.unpac.me/results/f4a0cef9-0f46-43c5-a6a0-0400c8c9373e/
SH256 hash:
5306d6555e4acee83d6186f357027fe344ac6bee109e606814b59e34bc6a6af3
MD5 hash:
ba68ec96b7bf8dbf25bf140f93e0206b
SHA1 hash:
dc9558d86b655d4972da340924d64e91fa40eb3e
Link:
https://www.unpac.me/results/f4a0cef9-0f46-43c5-a6a0-0400c8c9373e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5306d6555e4acee83d6186f357027fe344ac6bee109e606814b59e34bc6a6af3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/147906/

Comments