MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 15


Intelligence 15 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
SHA3-384 hash: f145ff38feacf6bafc002e06b5b1d57b11ad3b06a49b4089716e7bac3be0f64c715315e35b275f357a19fecca904805b
SHA1 hash: 84b1d8f67b5fbbaf9ef7755ad675ad014dabc769
MD5 hash: 6ecc659d73024a81e572662afc6918da
humanhash: chicken-india-social-green
File name:581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
Download: download sample
Signature AgentTesla
Create hunting rule
File size:792'064 bytes
First seen:2023-07-05 13:16:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 12288:K9mv0lWxMzIHREJVk/bq4izoW/m7SiZgnR094dcVYQBzixJVaEvqHKIPIs+PRAbL:sm8lWxMiQW/O4ue7rGQteJqf+PLs
Threatray 3'359 similar samples on MalwareBazaar
TLSH T12FF4F119A1BB1B2EC4BA6BFD090011349BF5649F71A7D3026EDA68DFDD64F000E85A73
TrID 63.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
11.2% (.SCR) Windows screen saver (13097/50/3)
9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter adrian__luca
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
273
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
Verdict:
No threats detected
Analysis date:
2023-07-05 13:19:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/783ca160-4b2f-4532-a786-c37d7fe54710

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/407701/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67397419.6350.25018.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Restart of the analyzed sample
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
formbook packed
Link:
https://www.filescan.io/uploads/64a56d4f6647cd2df844bdaa/reports/67b1fe18-38c4-42d7-b93e-797769a41074/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b65153aa-01b0-4f1f-ac36-4b566635a980
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1267271
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected FormBook
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1267271 Sample: Dd1WYc3BqS.exe Startdate: 05/07/2023 Architecture: WINDOWS Score: 100 37 www.gevorceperience.site 2->37 45 Found malware configuration 2->45 47 Malicious sample detected (through community Yara rule) 2->47 49 Antivirus detection for URL or domain 2->49 51 6 other signatures 2->51 11 Dd1WYc3BqS.exe 3 2->11         started        signatures3 process4 file5 35 C:\Users\user\AppData\...\Dd1WYc3BqS.exe.log, ASCII 11->35 dropped 55 Tries to detect virtualization through RDTSC time measurements 11->55 57 Injects a PE file into a foreign processes 11->57 15 Dd1WYc3BqS.exe 11->15         started        18 Dd1WYc3BqS.exe 11->18         started        20 Dd1WYc3BqS.exe 11->20         started        22 Dd1WYc3BqS.exe 11->22         started        signatures6 process7 signatures8 65 Modifies the context of a thread in another process (thread injection) 15->65 67 Maps a DLL or memory area into another process 15->67 69 Sample uses process hollowing technique 15->69 71 Queues an APC in another process (thread injection) 15->71 24 explorer.exe 2 1 15->24 injected process9 dnsIp10 39 www.acpwatertreatment.co.uk 216.245.197.43, 49703, 80 LIMESTONENETWORKSUS United States 24->39 41 shops.myshopify.com 23.227.38.74, 49702, 80 CLOUDFLARENETUS Canada 24->41 43 2 other IPs or domains 24->43 53 System process connects to network (likely due to code injection or exploit) 24->53 28 wlanext.exe 24->28         started        signatures11 process12 signatures13 59 Modifies the context of a thread in another process (thread injection) 28->59 61 Maps a DLL or memory area into another process 28->61 63 Tries to detect virtualization through RDTSC time measurements 28->63 31 cmd.exe 1 28->31         started        process14 process15 33 conhost.exe 31->33         started       
Detection:
formbook
Create hunting rule
Link:
https://mwdb.cert.pl/sample/581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021/
Threat name:
Win32.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2023-06-05 16:50:31 UTC
File Type:
PE (.Net Exe)
Extracted files:
21
AV detection:
25 of 37 (67.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lane6nf2pw3g4vu5fwitl6hhhyej5u54izkmfzijtoxwqvawmaqq._file
Verdict:
malicious
Label(s):
formbook
Create hunting rule
Similar samples:
16bd868c6c2200864825de71892e8802f0f7f243f476dcd38e9d713bb0a5ee44
AgentTesla
2c4d743879afbbe0b4baa18e99e515a8b0586caf23308026e233c2031e69237c
AgentTesla
3e742163144a721a8d6733f9653c2acca1638eced30159467a6768aff047f25c
AgentTesla
4baabf9e31ff1f2fec8fa4f3165d5456836c307591bf8840ec5a8074759fe742
AgentTesla
9c3d5704da83029f78ee8cf532c746cd04834f5375a698f21c50040ade6c5a09
AgentTesla
a2ed07bb61747f46086f07900e698d552f1a36ac21bbeee313894743aeb1276a
AgentTesla
b81b5d7a927299cc54748988d70523c615e82e21482652510a1a95db89b3521d
AgentTesla
bfede26656dbab01c01f5187f8a5d9b63cd0f8bba301e8c1d145bda515960f02
AgentTesla
+ 3'349 additional samples on MalwareBazaar
Result
Malware family:
formbook
Create hunting rule
Score:
  10/10
Tags:
family:formbook campaign:ks01 rat spyware stealer trojan
Link:
https://tria.ge/reports/230705-qjcprsce73/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Formbook payload
Formbook
Unpacked files
SH256 hash:
335a8639aa88b194512bbd5dd4739d60304a0841d4f3490f7583fd9edb6707c1
MD5 hash:
9674e3b4cffbfd378cb384d02b7939e9
SHA1 hash:
ac75de7840ea193007bad71ada6a4f2c2a06979b
Detections:
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
Parent samples :
bfede26656dbab01c01f5187f8a5d9b63cd0f8bba301e8c1d145bda515960f02
b81b5d7a927299cc54748988d70523c615e82e21482652510a1a95db89b3521d
9c3d5704da83029f78ee8cf532c746cd04834f5375a698f21c50040ade6c5a09
89dc8c98551c4f2b309fd2807b8bf1d24e1c2abd953930f95b5aa1987e0966f2
4baabf9e31ff1f2fec8fa4f3165d5456836c307591bf8840ec5a8074759fe742
2c4d743879afbbe0b4baa18e99e515a8b0586caf23308026e233c2031e69237c
16bd868c6c2200864825de71892e8802f0f7f243f476dcd38e9d713bb0a5ee44
581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
324dcadf47a0c3085f54a7cfc51b512562ff907c953862e792356334b8fa74d8
SH256 hash:
f092d209000486a6899d047f5428dc6f36e66a3aa07b30c3903b3218256e4baf
MD5 hash:
cd12d6a4fa6dc276f4696e5b7fca3df0
SHA1 hash:
f35514a51a98821437e82c6e3bafe167eca326df
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
2f13f4db3405dfac3dd2945be3de440607b6e8479951c2630823009700083953
MD5 hash:
084fd7e237ece48508277cdfd578e47d
SHA1 hash:
f152839ca9518552e41320c8b3bab96d01a911e5
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
e6d5266a7fecec48233e88f17940ff8f89be88cf78bf3f1194c2f90974926fea
MD5 hash:
11d3f2ef99d718c51232b09ed73938d7
SHA1 hash:
0046be99280bf95213047eb69d0984c3b9bf6b0c
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
335a8639aa88b194512bbd5dd4739d60304a0841d4f3490f7583fd9edb6707c1
MD5 hash:
9674e3b4cffbfd378cb384d02b7939e9
SHA1 hash:
ac75de7840ea193007bad71ada6a4f2c2a06979b
Detections:
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
Parent samples :
bfede26656dbab01c01f5187f8a5d9b63cd0f8bba301e8c1d145bda515960f02
b81b5d7a927299cc54748988d70523c615e82e21482652510a1a95db89b3521d
9c3d5704da83029f78ee8cf532c746cd04834f5375a698f21c50040ade6c5a09
89dc8c98551c4f2b309fd2807b8bf1d24e1c2abd953930f95b5aa1987e0966f2
4baabf9e31ff1f2fec8fa4f3165d5456836c307591bf8840ec5a8074759fe742
2c4d743879afbbe0b4baa18e99e515a8b0586caf23308026e233c2031e69237c
16bd868c6c2200864825de71892e8802f0f7f243f476dcd38e9d713bb0a5ee44
581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
324dcadf47a0c3085f54a7cfc51b512562ff907c953862e792356334b8fa74d8
SH256 hash:
f092d209000486a6899d047f5428dc6f36e66a3aa07b30c3903b3218256e4baf
MD5 hash:
cd12d6a4fa6dc276f4696e5b7fca3df0
SHA1 hash:
f35514a51a98821437e82c6e3bafe167eca326df
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
2f13f4db3405dfac3dd2945be3de440607b6e8479951c2630823009700083953
MD5 hash:
084fd7e237ece48508277cdfd578e47d
SHA1 hash:
f152839ca9518552e41320c8b3bab96d01a911e5
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
e6d5266a7fecec48233e88f17940ff8f89be88cf78bf3f1194c2f90974926fea
MD5 hash:
11d3f2ef99d718c51232b09ed73938d7
SHA1 hash:
0046be99280bf95213047eb69d0984c3b9bf6b0c
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
335a8639aa88b194512bbd5dd4739d60304a0841d4f3490f7583fd9edb6707c1
MD5 hash:
9674e3b4cffbfd378cb384d02b7939e9
SHA1 hash:
ac75de7840ea193007bad71ada6a4f2c2a06979b
Detections:
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
Parent samples :
bfede26656dbab01c01f5187f8a5d9b63cd0f8bba301e8c1d145bda515960f02
b81b5d7a927299cc54748988d70523c615e82e21482652510a1a95db89b3521d
9c3d5704da83029f78ee8cf532c746cd04834f5375a698f21c50040ade6c5a09
89dc8c98551c4f2b309fd2807b8bf1d24e1c2abd953930f95b5aa1987e0966f2
4baabf9e31ff1f2fec8fa4f3165d5456836c307591bf8840ec5a8074759fe742
2c4d743879afbbe0b4baa18e99e515a8b0586caf23308026e233c2031e69237c
16bd868c6c2200864825de71892e8802f0f7f243f476dcd38e9d713bb0a5ee44
581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
324dcadf47a0c3085f54a7cfc51b512562ff907c953862e792356334b8fa74d8
SH256 hash:
f092d209000486a6899d047f5428dc6f36e66a3aa07b30c3903b3218256e4baf
MD5 hash:
cd12d6a4fa6dc276f4696e5b7fca3df0
SHA1 hash:
f35514a51a98821437e82c6e3bafe167eca326df
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
2f13f4db3405dfac3dd2945be3de440607b6e8479951c2630823009700083953
MD5 hash:
084fd7e237ece48508277cdfd578e47d
SHA1 hash:
f152839ca9518552e41320c8b3bab96d01a911e5
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
e6d5266a7fecec48233e88f17940ff8f89be88cf78bf3f1194c2f90974926fea
MD5 hash:
11d3f2ef99d718c51232b09ed73938d7
SHA1 hash:
0046be99280bf95213047eb69d0984c3b9bf6b0c
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
335a8639aa88b194512bbd5dd4739d60304a0841d4f3490f7583fd9edb6707c1
MD5 hash:
9674e3b4cffbfd378cb384d02b7939e9
SHA1 hash:
ac75de7840ea193007bad71ada6a4f2c2a06979b
Detections:
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
Parent samples :
bfede26656dbab01c01f5187f8a5d9b63cd0f8bba301e8c1d145bda515960f02
b81b5d7a927299cc54748988d70523c615e82e21482652510a1a95db89b3521d
9c3d5704da83029f78ee8cf532c746cd04834f5375a698f21c50040ade6c5a09
89dc8c98551c4f2b309fd2807b8bf1d24e1c2abd953930f95b5aa1987e0966f2
4baabf9e31ff1f2fec8fa4f3165d5456836c307591bf8840ec5a8074759fe742
2c4d743879afbbe0b4baa18e99e515a8b0586caf23308026e233c2031e69237c
16bd868c6c2200864825de71892e8802f0f7f243f476dcd38e9d713bb0a5ee44
581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
324dcadf47a0c3085f54a7cfc51b512562ff907c953862e792356334b8fa74d8
SH256 hash:
335a8639aa88b194512bbd5dd4739d60304a0841d4f3490f7583fd9edb6707c1
MD5 hash:
9674e3b4cffbfd378cb384d02b7939e9
SHA1 hash:
ac75de7840ea193007bad71ada6a4f2c2a06979b
Detections:
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
FormBook
Create hunting rule
win_formbook_w0
Create hunting rule
win_formbook_auto
Create hunting rule
win_formbook_g0
Create hunting rule
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
Parent samples :
bfede26656dbab01c01f5187f8a5d9b63cd0f8bba301e8c1d145bda515960f02
b81b5d7a927299cc54748988d70523c615e82e21482652510a1a95db89b3521d
9c3d5704da83029f78ee8cf532c746cd04834f5375a698f21c50040ade6c5a09
89dc8c98551c4f2b309fd2807b8bf1d24e1c2abd953930f95b5aa1987e0966f2
4baabf9e31ff1f2fec8fa4f3165d5456836c307591bf8840ec5a8074759fe742
2c4d743879afbbe0b4baa18e99e515a8b0586caf23308026e233c2031e69237c
16bd868c6c2200864825de71892e8802f0f7f243f476dcd38e9d713bb0a5ee44
581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
324dcadf47a0c3085f54a7cfc51b512562ff907c953862e792356334b8fa74d8
SH256 hash:
f092d209000486a6899d047f5428dc6f36e66a3aa07b30c3903b3218256e4baf
MD5 hash:
cd12d6a4fa6dc276f4696e5b7fca3df0
SHA1 hash:
f35514a51a98821437e82c6e3bafe167eca326df
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
2f13f4db3405dfac3dd2945be3de440607b6e8479951c2630823009700083953
MD5 hash:
084fd7e237ece48508277cdfd578e47d
SHA1 hash:
f152839ca9518552e41320c8b3bab96d01a911e5
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
f092d209000486a6899d047f5428dc6f36e66a3aa07b30c3903b3218256e4baf
MD5 hash:
cd12d6a4fa6dc276f4696e5b7fca3df0
SHA1 hash:
f35514a51a98821437e82c6e3bafe167eca326df
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
2f13f4db3405dfac3dd2945be3de440607b6e8479951c2630823009700083953
MD5 hash:
084fd7e237ece48508277cdfd578e47d
SHA1 hash:
f152839ca9518552e41320c8b3bab96d01a911e5
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
c440617e04a50ced73c8ab992cbe8d8954a3e41f21f046ee9d1f2a41ea9b416d
MD5 hash:
9390df6c9a6111978dee5414bc42eda6
SHA1 hash:
d3cb1c366b9e466afa93eb369838a04d30777795
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
e6d5266a7fecec48233e88f17940ff8f89be88cf78bf3f1194c2f90974926fea
MD5 hash:
11d3f2ef99d718c51232b09ed73938d7
SHA1 hash:
0046be99280bf95213047eb69d0984c3b9bf6b0c
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
e6d5266a7fecec48233e88f17940ff8f89be88cf78bf3f1194c2f90974926fea
MD5 hash:
11d3f2ef99d718c51232b09ed73938d7
SHA1 hash:
0046be99280bf95213047eb69d0984c3b9bf6b0c
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
SH256 hash:
581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021
MD5 hash:
6ecc659d73024a81e572662afc6918da
SHA1 hash:
84b1d8f67b5fbbaf9ef7755ad675ad014dabc769
Link:
https://www.unpac.me/results/2020e94a-d4b8-47fa-8016-66db143beda7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/581a4f34ba7db66e569d2d9135f8e73e089ed3bc4654c2e5099baf6854166021

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/407701/

Comments