MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c276ccc993a6b068a9ba8c9f3bcd2ea8f8a8d88c318991108696b41c35d3a86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c276ccc993a6b068a9ba8c9f3bcd2ea8f8a8d88c318991108696b41c35d3a86
SHA3-384 hash: 991691111fdd9adc5efaf62345c454969ec63ef6dea883b73ac5a7b90b2b6c99a2a50ce86377ec36892396f60f86bd8e
SHA1 hash: 3822d7f7349cbb41775d091eee90f8378fd405d5
MD5 hash: 5de4557336e1e26e536c97b391cefd0d
humanhash: beryllium-april-georgia-jersey
File name:SecuriteInfo.com.Generic.mg.5de4557336e1e26e.6322
Download: download sample
Signature AgentTesla
Create hunting rule
File size:425'872 bytes
First seen:2020-11-12 13:46:20 UTC
Last seen:2024-07-24 14:49:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'796 x AgentTesla, 19'695 x Formbook, 12'276 x SnakeKeylogger)
ssdeep 6144:4Pf1ZXrYp9t6Lxz8URVY4QEYPt4xONTCbew+T9:29trY0Lxz8URVJNYi2xXR
Threatray 552 similar samples on MalwareBazaar
TLSH 1394D4F6381F411AC5AA2E718C50CA81BF7D1BC2BA41971DF49E633C2DA472E73065E6
Reporter SecuriteInfoCom
Tags:AgentTesla

Code Signing Certificate

Organisation:CRYPTOLAYER SRL
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:Oct 17 00:00:00 2019 GMT
Valid to:Oct 16 23:59:59 2021 GMT
Serial number: 105440F57E9D04419F5A3E72195110E6
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist:This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:SHA256
Thumbprint: E95C7B4F2E5F64B388E968D0763DA67014EB3AEB8C04BD44333CA3E151AA78C2
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.5de4557336e1e26e.6322.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Running batch commands
Launching a process
Creating a file
Creating a process from a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a recently created process
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c276ccc993a6b068a9ba8c9f3bcd2ea8f8a8d88c318991108696b41c35d3a86/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 11:21:06 UTC
File Type:
PE (.Net Exe)
Extracted files:
16
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lqtwztezhjvqncu3vde7hpgs5khyvdmiymmjseiinfvudq25hkda._file
Verdict:
malicious
Similar samples:
09f20acd87a94d2a22202840d712eb5658471c2c39168d6178890ddcc313e9f3
AgentTesla
1d5d33d83029cd0b64bd4171db3e6535c4f50d31cc585b6e2b10345121c346fc
AgentTesla
240159852a07d731922811db6650130ff93a374e2128e72bf2b7cf8b52fe551e
AgentTesla
28dac03786f358f9f18751a1e0809e61de6f29a999c45ebc42b778ecf924a880
AgentTesla
a83497c7e3335390441e23f19360eb02a9f9e0613afe56bd0743e1502e1d01df
AgentTesla
a837374ed66cc50cb5760f0f948db288657fd0891687f43df9b9260dfb71449c
AgentTesla
d5886c42f7b8f77d036091616f0314f37e2db5c117aaa769ede368027fe7d43a
AgentTesla
e423f6b4b543c1ed3a05bae9ae421e81c17eb3f02d7aea46ff2c9996d76b9858
AgentTesla
f06e899675196185bd5ced2ea49470470f7b466225b2aae345d0068c652263e6
AgentTesla
fd54073286010523ef59ce428c3ae8b92f87abce1027ed232befe46499bf5e53
AgentTesla
+ 542 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/201112-mlh8147552/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Drops file in Drivers directory
Executes dropped EXE
Unpacked files
SH256 hash:
5c276ccc993a6b068a9ba8c9f3bcd2ea8f8a8d88c318991108696b41c35d3a86
MD5 hash:
5de4557336e1e26e536c97b391cefd0d
SHA1 hash:
3822d7f7349cbb41775d091eee90f8378fd405d5
Link:
https://www.unpac.me/results/9ceed402-b3f0-4ac4-9119-06173266ff67/
SH256 hash:
8bd423da9c6ffee5ec8b9dee9e3dfeb73aa692e645f462ce906dac7b88d41756
MD5 hash:
617ae42c059f30c382b6ecbeb1cac2df
SHA1 hash:
abc1b5253ec98460e97bd8b8b48186e6a3eef3b1
Link:
https://www.unpac.me/results/9ceed402-b3f0-4ac4-9119-06173266ff67/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:MALWARE_Win_AgentTeslaV3
Create hunting rule
Author:ditekSHen
Description:AgentTeslaV3 infostealer payload
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 5c276ccc993a6b068a9ba8c9f3bcd2ea8f8a8d88c318991108696b41c35d3a86

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/810351/
  
Delivery method
Distributed via web download

Comments