MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a4f664ec25252863eb4bd01793b93af16849a7784863115a1b1e0ff7aaa5f0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 5

SHA256 hash: 5a4f664ec25252863eb4bd01793b93af16849a7784863115a1b1e0ff7aaa5f0f
SHA3-384 hash: 34b9368859b5fe6a148db06dd124e47242413bf120616b49b854c69f86aa7012189685d961163015e64d739d4299cc56
SHA1 hash: f03c87476618c88412865291e38c19572f360987
MD5 hash: 42f147f01293f910a3424cb8f1ec718e
humanhash: lima-fix-happy-mobile
File name: 42f147f01293f910a3424cb8f1ec718e.exe
Signature: AgentTesla
File size: 300'105 bytes
First seen: 2020-07-09 12:03:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep: 6144:G01fKjTPfrPL/LS6aDeVuRrJuuIj6N+9WHzgFo/QOg00l:B5lzXI2KW0FAgJ
Threatray: 90 similar samples on MalwareBazaar
TLSH: 9054026FE95D4373C803183C5EAD402241AED3AE9F119D56E8BAA10DFD019F2BDD1A4B
Reporter: abuse_ch
Tags: AgentTesla exe
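A downloaded sample should reproduce every digest listed in the entry above before it is trusted as the same artifact. The script below is an added example, not MalwareBazaar's own code: it reads a file once, feeds all four digests in a single pass, and compares the results (and the byte count) with the values copied from this entry. The hash dictionary holds the entry's values; the `verify_sample` helper and its constructed test input are assumptions for illustration.

```python
"""Verify a sample against the hashes in its MalwareBazaar entry.

Added example, not MalwareBazaar's own tooling. MalwareBazaar serves samples
as password-protected ZIPs; once extracted, the plaintext file should
reproduce every digest on the entry. All hashers are fed from one read of
the file so large samples are not scanned four times.
"""
import hashlib
import io
import sys

# Values copied from the database entry above (SHA256 5a4f664e...).
ENTRY_HASHES = {
    "sha256": "5a4f664ec25252863eb4bd01793b93af16849a7784863115a1b1e0ff7aaa5f0f",
    "sha3_384": "34b9368859b5fe6a148db06dd124e47242413bf120616b49b854c69f86aa7012189685d961163015e64d739d4299cc56",
    "sha1": "f03c87476618c88412865291e38c19572f360987",
    "md5": "42f147f01293f910a3424cb8f1ec718e",
}
ENTRY_SIZE = 300105  # "File size: 300'105 bytes" on the entry


def digest_stream(stream, algorithms, chunk_size=1 << 16):
    """Return ({algorithm: hex digest}, byte_count) after one pass over stream."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def verify_sample(data, expected=ENTRY_HASHES, expected_size=ENTRY_SIZE):
    """Compare a byte string with the expected digests and size.

    Returns a dict of per-check booleans, one per algorithm plus "size",
    so a caller can see exactly which value disagreed.
    """
    observed, size = digest_stream(io.BytesIO(data), expected.keys())
    result = {name: observed[name] == value.lower() for name, value in expected.items()}
    result["size"] = size == expected_size
    return result


if __name__ == "__main__":
    # Usage: python verify.py <extracted sample path>
    with open(sys.argv[1], "rb") as fh:
        checks = verify_sample(fh.read())
    for name, ok in checks.items():
        print(f"{name:9s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(checks.values()) else 1)
```

A single mismatching digest with three matching ones usually means a transcription error in the expected value rather than a different file; a size mismatch with all digests failing usually means the ZIP was not extracted (or the wrong file was hashed).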


abuse_ch
AgentTesla SMTP exfil server:
smtp.yandex.com:587
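The reporter's IOC above is a destination, not a signature, and smtp.yandex.com is a public mail provider, so matching on the host alone would also flag legitimate mail clients. The script below is an added example, not code from MalwareBazaar or from abuse_ch: it runs the IOC over constructed connection records and treats a hit as exfiltration only when the connecting process is not an expected mail client. The log lines, the `MAIL_CLIENTS` allowlist and the process names in the records are assumptions for illustration.

```python
"""Match the AgentTesla SMTP exfiltration IOC against connection records.

Added example, not MalwareBazaar's or abuse_ch's code. The records are
constructed to resemble Sysmon Event ID 3 (network connection) telemetry
exported as CSV; they are not real telemetry.
"""
import csv
import io

# IOC from the reporter comment on the entry.
EXFIL_HOST, EXFIL_PORT = "smtp.yandex.com", 587

# Processes for which outbound mail submission on 587 is expected.
# Assumption for the example; tune to the estate's real mail clients.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed records (not real data). The first uses the entry's file name;
# the last uses a made-up lure name.
SAMPLE_LOG = """\
ts,host,process,dst_host,dst_port
2020-07-09T12:05:01Z,WS01,42f147f01293f910a3424cb8f1ec718e.exe,smtp.yandex.com,587
2020-07-09T12:05:09Z,WS02,outlook.exe,smtp.yandex.com,587
2020-07-09T12:06:30Z,WS03,chrome.exe,mail.yandex.com,443
2020-07-09T12:07:44Z,WS04,invoice_2020-07.exe,SMTP.YANDEX.COM,587
"""


def classify(record):
    """Return 'exfil', 'benign-smtp' or None for one connection record."""
    if record["dst_host"].lower() != EXFIL_HOST:
        return None
    if int(record["dst_port"]) != EXFIL_PORT:
        return None
    if record["process"].lower() in MAIL_CLIENTS:
        return "benign-smtp"
    return "exfil"


def find_exfil(log_text):
    """Return (host, process) for every record that hits the IOC from a
    process that is not an expected mail client."""
    hits = []
    for record in csv.DictReader(io.StringIO(log_text)):
        if classify(record) == "exfil":
            hits.append((record["host"], record["process"]))
    return hits


if __name__ == "__main__":
    for host, process in find_exfil(SAMPLE_LOG):
        print(f"{host}: {process} -> {EXFIL_HOST}:{EXFIL_PORT}")
```

The process-based split is what keeps the rule usable: the IOC itself says nothing about which side of the connection is malicious, and a stealer that injects into a signed system binary would still need that binary added to the review, not to the allowlist.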

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Using the Windows Management Instrumentation requests
  Reading critical registry keys
  Launching a service
  Creating a file
  Stealing user critical data
Threat name: Win32.Trojan.Dynamer
Status: Malicious
First seen: 2020-07-09 10:27:41 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: spyware keylogger trojan stealer family:agenttesla
Behaviour:
  Suspicious use of AdjustPrivilegeToken
  Suspicious behavior: EnumeratesProcesses
  Reads data files stored by FTP clients
  Reads user/profile data of web browsers
  Reads user/profile data of local email clients

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Sample: Executable exe 5a4f664ec25252863eb4bd01793b93af16849a7784863115a1b1e0ff7aaa5f0f (this sample), signature AgentTesla