MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56fbdf0da1ead1829c6afb69b7b79b20e9302d21940452ad119f8bde4a360294. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA 4 File information Comments

SHA256 hash:	56fbdf0da1ead1829c6afb69b7b79b20e9302d21940452ad119f8bde4a360294
SHA3-384 hash:	1591d5224470a142424084c9daa2ff48efc0438c02f05cce5156afa050aee004821c809ea4527682817d9abb1fd7f2b8
SHA1 hash:	6cc79fa61a4ba4ce7bffcdabc17799ce88fdb02e
MD5 hash:	45c8094596f457b68eb96ad2d594fcfc
humanhash:	island-three-robert-delaware
File name:	MAN Enterprise.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	71'352 bytes
First seen:	2021-03-31 13:13:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	768:ch/MsoFQoNpbVHG1sVkiVZDv65cUJSIj8jnbkalAvm/PalOpXwhS:cxLGThnjAvm/PalOpn
Threatray	92 similar samples on MalwareBazaar
TLSH	4A63CEABE9F0321CCC3B4AF8CC8E7167F55DC412548CE388644C939BA357EA4994D9B2
Reporter	James_inthe_box
Tags:	AgentTesla exe signed

Code Signing Certificate

Organisation:	YUiUhDZDWMwicOijckbGhWeGejhAdzrpqVbEKIYhjqcHazPN
Issuer:	YUiUhDZDWMwicOijckbGhWeGejhAdzrpqVbEKIYhjqcHazPN
Algorithm:	sha256WithRSAEncryption
Valid from:	2021-03-30T20:45:10Z
Valid to:	2022-03-30T20:45:10Z
Serial number:	6ec8f3b9b6376f454ca2406e9eb50370
Thumbprint Algorithm:	SHA256
Thumbprint:	bf63c8dc77742ac8054897c2ff5462225e2e8c2ec38f5d93f65052121185dba3
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

113

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

MAN Enterprise.exe

Verdict:

Suspicious activity

Analysis date:

2021-03-31 13:18:41 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9bd83ec3-41bc-4961-abb5-6266b972c0b5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/129299/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader38.19042.8772.9463.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/660344

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/56fbdf0da1ead1829c6afb69b7b79b20e9302d21940452ad119f8bde4a360294/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-03-31 13:13:41 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

16 of 29 (55.17%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=k3556dnb5liyfhdk7nu3pn43edutaljbsqcfflirt6f54srwakka._file

Verdict:

suspicious

AgentTesla

1b7afa2a07f65c2cb04454ba72f066bdc4daf640ad3b75cfac5fe82eed6c2c76

AgentTesla

3f9d5b3c82e841a570d286b23580f0a039168d5f588042922267a6b1fd279e40

AgentTesla

4fe0cf5ea4078adae2170d820443a1a8d91d1eb6dbf886db70783998ffd65d0e

AgentTesla

595736e53ca10cf360d6859269d1ac8d2ee2758da03dc15a30d10c539ca4fd0a

AgentTesla

90a634ffa9eb1fc2dd8aeaabf1aed592a4cf18a824f5b9160f052ac642eeb79a

AgentTesla

9393bb45de0f031823a1a20605717445611633132cb3f82d6c99b0d75725747e

AgentTesla

be499564a1e7bce8b84128bc9ba671c1e24eb7bfe42784d47016b712205cb30c

AgentTesla

ef2b0fcedd1f0152f46bd70df17283496544281d5ecff14b0ba81dfa2c091ac6

AgentTesla

fb9f7f38a88c00172db06d780a7df78a42d437532c554945f1ac227619ff622a

AgentTesla

+ 82 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210331-tpx8wqa9ga/

Behaviour

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

56fbdf0da1ead1829c6afb69b7b79b20e9302d21940452ad119f8bde4a360294

MD5 hash:

45c8094596f457b68eb96ad2d594fcfc

SHA1 hash:

6cc79fa61a4ba4ce7bffcdabc17799ce88fdb02e

Link:

https://www.unpac.me/results/1d273675-74cc-46a0-baa1-5810a2048b99/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.10

Link:

https://yomi.yoroi.company/submissions/56fbdf0da1ead1829c6afb69b7b79b20e9302d21940452ad119f8bde4a360294

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	ach_AgentTesla_20200929 Create hunting rule
Author:	abuse.ch
Description:	Detects AgentTesla PE

Rule name:	INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu Create hunting rule
Author:	ditekSHen
Description:	Detect executables with stomped PE compilation timestamp that is greater than local current time

Rule name:	MALWARE_Win_AgentTeslaV3 Create hunting rule
Author:	ditekSHen
Description:	AgentTeslaV3 infostealer payload

Rule name:	win_agent_tesla_v1 Create hunting rule
Author:	Johannes Bader @viql
Description:	detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

https://www.capesandbox.com/analysis/129299/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample