MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c48cd3f4eba017d3a0aea873a3ca3bc61bcdc3aa6a52727ee1236ddb885604d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	5c48cd3f4eba017d3a0aea873a3ca3bc61bcdc3aa6a52727ee1236ddb885604d
SHA3-384 hash:	fae02865cf39e31267f7bf9aaf359e1ede3746b17fc27ec7c8c3efbe66408ca1bc6074766bac63b1e984e2103a1fb311
SHA1 hash:	85eadfb8573e808a65a1c9ca8fff823b02176cd5
MD5 hash:	6b371d3dad25d27a44102a0befde95dc
humanhash:	jupiter-fillet-east-april
File name:	eKQjpOW3gGIdCyb.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	718'848 bytes
First seen:	2020-08-28 14:12:27 UTC
Last seen:	2020-08-28 14:37:03 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:GqAiw0mOLZx8/xehNdnyCHJgzQAuHa50md5eXPpJ3XPFU3XVh:TAli8/CTHJE9m/X7dEV
Threatray	33 similar samples on MalwareBazaar
TLSH	C6E4239533AC0B35C5E45FB52E6E3604A3F4354AFDB6CF998FD2A5E72E02780412168B
Reporter	James_inthe_box
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

79

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/52360/

Detection(s):

SecuriteInfo.com.Trojan.Inject3.53454.20073.31727.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Using the Windows Management Instrumentation requests

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/453610

Signature

Antivirus / Scanner detection for submitted sample

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Yara detected AgentTesla

Yara detected AntiVM_3

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5c48cd3f4eba017d3a0aea873a3ca3bc61bcdc3aa6a52727ee1236ddb885604d/

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-08-28 10:56:52 UTC

File Type:

PE (.Net Exe)

Extracted files:

4

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lrem2p2oxiax2oqk5kdtupfdxrq3zxb2u2ssoj7oci3n3oefmbgq._file

Verdict:

unknown

Similar samples:

036c0fbb1ffb23e9bfd4b4834a396d79ec319078865adf3ef75418450cf9fd18

1bf67b967c8397bfab22e326bce6efa64c647206102d4753569ba1abb538d685

444338fed0f0499fb9d5a4862b64386472c22329aa75f6c544c6d37b8b5a629f

4ab00875960cf2aace6c95e245327e7c27ba9cde509afd927ace70756a40c0c8

a2938e6462b02115d0579cb8a4294626eb792a781b68175844a5fb26ae6de0b6

bd6650220b7fa539c937c4008df96914a86b1cbaa0098588a9b4ec0175f0c679

cb26b474b4f7be86dc5bf39c595a93d1e3353bd25312d83249dc4e1097df2f3e

dfe001ed1950d612ea59a75c6367629ff0e031853e9f7a12b7f0381a4f20660f

fafa7913ac9ff3330896a63b8db3d8e8f88e35a10de8a96dafa570ed29b537d6

fb80c2113b1bf08db1c5f3997c9787f5b819418473975c4a370e4c5cebfa3b7f

+ 23 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

keylogger stealer trojan spyware family:agenttesla

Link:

https://tria.ge/reports/200828-6gebzrgjra/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5c48cd3f4eba017d3a0aea873a3ca3bc61bcdc3aa6a52727ee1236ddb885604d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/52360/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample