MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a8c5767ceaf7970ca7325cabc625e5102c4546bcf8166465e03d3adc6c5d4ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 13

SHA256 hash: 5a8c5767ceaf7970ca7325cabc625e5102c4546bcf8166465e03d3adc6c5d4ef
SHA3-384 hash: 1c5c4f461ef8c3f45fba136ee4019974d445e6462253288b4c6e8209e01365c265915200bec5858b2dacbf4a1b9a752c
SHA1 hash: 0051d31e12130cb1ad06ccd5f3ff3b7de2d39cbb
MD5 hash: aca0021462b5d73ea8003abbbfbe0f65
humanhash: missouri-may-nebraska-bulldog
File name: aca0021462b5d73ea8003abbbfbe0f65.exe
Signature: AgentTesla
File size: 444'416 bytes
First seen: 2023-12-22 06:55:29 UTC
Last seen: 2023-12-22 08:18:37 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:LKvmomWOHSNfK+ImJugtoqArwT+WUyJwTM36aHL8:6b/BNhIQuAo++TUwTM36aHL8
Threatray: 86 similar samples on MalwareBazaar
TLSH: T18E9402A8B6BA0543ECBD4BFA40625219E3BA71236912D3DA5DC720D60CF4B60C751F9F
TrID: 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
      10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
      6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
      2.0% (.ICL) Windows Icons Library (generic) (2059/9)
dhash icon: 0060796969697000 (8 x AgentTesla, 6 x Formbook)
Reporter: abuse_ch
Tags: AgentTesla exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 269
Origin country: NL
Vendor Threat Intelligence
Malware family:
ID: 1
File name: New Text Document mod.exe
Verdict: Malicious activity
Analysis date: 2023-12-22 05:32:47 UTC
Tags: amadey botnet stealer loader risepro hausbomber evasion opendir redline trojan lokibot agenttesla phorpiex guloader originbotnet formbook spyware purplefox backdoor nitol dupzom

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 88 / 100
Signature:
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Behaviour
Behavior Graph (ID 1365994, sample mpsnYvAnec.exe, start date 22/12/2023, architecture WINDOWS, score 88):
Root signatures: Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 4 other signatures
Process chain: mpsnYvAnec.exe started (signature: Injects a PE file into a foreign processes) -> second mpsnYvAnec.exe started by the first -> WerFault.exe started by the second
Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2023-12-22 05:13:24 UTC
File Type: PE (.Net Exe)
Extracted files: 6
AV detection: 14 of 35 (40.00%)
Threat level: 2/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SHA256 hash: 8d0435dea7dd83e37981cca7d32a185b6d276eb974f646f35eb9a667e16108c6
MD5 hash: 7d252805a66095d10b0e9450ec651d1a
SHA1 hash: f2ff49c6141785dae1111addefb66980975a8eeb

SHA256 hash: 5d1e1615d38a40f7b6dac9820ea8dfd2d95df4f5fcbfc9764671f160b2ae0767
MD5 hash: 15b6f440537d41ae4d17e2b300912dbf
SHA1 hash: 8da12e6210ab9d4c6e1f2e69864ec3f9bb62ebc6

SHA256 hash: 1b2da92af4f302d4bf71e3b6057ae6a116ef04aee16596d014a68b7d8c9d41bf
MD5 hash: 48bba01e1602fb865a9afba1d82b66ee
SHA1 hash: 56cc82e991c01ffb2996423a2d51586169adc59e

SHA256 hash: e3d65bd9581460ee982d8040e2376222317843cba4c45e1e8567a4bb2d426f66
MD5 hash: 0a64362f023ad6fb6846acba666136ef
SHA1 hash: 1cf8a0db76830c2a093084e2b04f268648a943de

SHA256 hash: 5a8c5767ceaf7970ca7325cabc625e5102c4546bcf8166465e03d3adc6c5d4ef
MD5 hash: aca0021462b5d73ea8003abbbfbe0f65
SHA1 hash: 0051d31e12130cb1ad06ccd5f3ff3b7de2d39cbb
Please note that we are no longer able to provide a coverage score for Virus Total.
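The hashes above are the actionable part of this entry. The following is an added example, not code from MalwareBazaar or from the page: a Python script that computes the four digests the entry lists (MD5, SHA1, SHA256, SHA3-384) for a local file and checks them against this entry's IOCs, both the submitted sample's own hashes and the SHA256 of each file the sandbox unpacked from it. The function names and the dictionary layout are my own choices; the hash values are copied from the entry.

```python
import hashlib
import sys

# Hashes copied from the MalwareBazaar entry for this sample.
SAMPLE_IOCS = {
    "md5": "aca0021462b5d73ea8003abbbfbe0f65",
    "sha1": "0051d31e12130cb1ad06ccd5f3ff3b7de2d39cbb",
    "sha256": "5a8c5767ceaf7970ca7325cabc625e5102c4546bcf8166465e03d3adc6c5d4ef",
    "sha3_384": "1c5c4f461ef8c3f45fba136ee4019974d445e6462253288b4c6e8209e01365c265915200bec5858b2dacbf4a1b9a752c",
}

# SHA256 of every file listed under "Unpacked files" (the last one is the sample itself).
UNPACKED_SHA256 = {
    "8d0435dea7dd83e37981cca7d32a185b6d276eb974f646f35eb9a667e16108c6",
    "5d1e1615d38a40f7b6dac9820ea8dfd2d95df4f5fcbfc9764671f160b2ae0767",
    "1b2da92af4f302d4bf71e3b6057ae6a116ef04aee16596d014a68b7d8c9d41bf",
    "e3d65bd9581460ee982d8040e2376222317843cba4c45e1e8567a4bb2d426f66",
    "5a8c5767ceaf7970ca7325cabc625e5102c4546bcf8166465e03d3adc6c5d4ef",
}


def _new_hashers() -> dict:
    """One hasher per digest the entry publishes, so a file is read only once."""
    return {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
        "sha3_384": hashlib.sha3_384(),
    }


def digests(data: bytes) -> dict:
    """Compute all four digests over an in-memory byte string."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers so large samples need little memory."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(found: dict, iocs: dict = SAMPLE_IOCS, unpacked: set = UNPACKED_SHA256) -> dict:
    """Report which published hashes a set of digests hits.

    Comparison is case-insensitive because feeds and tools disagree on hex case.
    Returns the names of the matching sample hashes and whether the SHA256
    belongs to one of the unpacked files.
    """
    hits = {
        name
        for name, value in iocs.items()
        if found.get(name, "").lower() == value.lower()
    }
    sha256 = found.get("sha256", "").lower()
    in_unpacked = sha256 in {u.lower() for u in unpacked}
    return {"sample_hashes": hits, "unpacked_file": in_unpacked}


if __name__ == "__main__":
    # Usage: python check_iocs.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        d = digests_of_file(arg)
        result = match_iocs(d)
        verdict = "MATCH" if result["sample_hashes"] or result["unpacked_file"] else "no match"
        print(f"{arg}: sha256={d['sha256']} {verdict} {result}")
```

A no-match result only means the file is not byte-identical to this submission or to one of its unpacked payloads; the imphash, ssdeep and TLSH values in the entry exist precisely to catch recompiled or repacked variants, and need the `pefile`, `ssdeep` and `tlsh` Python packages respectively, which this stdlib-only script deliberately avoids.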

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: AgentTesla
File: Executable exe 5a8c5767ceaf7970ca7325cabc625e5102c4546bcf8166465e03d3adc6c5d4ef (this sample)

Delivery method
Distributed via web download