MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60379d971a1ea92ae69538a766898156703ecbe9180e52c27c9cc1eb3c6e53e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

SHA256 hash: 60379d971a1ea92ae69538a766898156703ecbe9180e52c27c9cc1eb3c6e53e3
SHA3-384 hash: da66c6eb68442418ae10fd9cd8c91cd3d1772ba6b40d04000f7dde936bf13c34b341344d7333a21466acc6c77d63b2c5
SHA1 hash: 86496247dff4842215070d41153676bfe49b3d58
MD5 hash: af5ad31a77b2607a26da301bdd1b4a3e
humanhash: ten-steak-vegan-cola
File name: 3eb04f95f91bcbcaaaf375708722d9de
Signature: AgentTesla
File size: 791'552 bytes
First seen: 2020-11-17 11:43:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:dHwUE0dZ2UxujTyuagybyHHlYX7jle7Zqo2UfBJ9qpjD2ujVpg4GJnh:WUE0dZ2UxcT3agPHcHLo2MHQ+
Threatray: 1'324 similar samples on MalwareBazaar
TLSH: 91F47B883995F59FC41BCF7A89951C50AA212C7B534BF203965B35E9893EBC2CA103F7
Reporter: seifreed
Tags: AgentTesla

Intelligence

File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Launching a process
Creating a process with a hidden window
Threat name: ByteCode-MSIL.Spyware.AveMaria
Status: Malicious
First seen: 2020-11-17 11:45:45 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 2/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour:
Suspicious use of SetWindowsHookEx
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Reads data files stored by FTP clients

AgentTesla

Unpacked files
SHA256 hash: ed906895e2eb168c27208ae87b3c0f3c43c51729d71e668d0e950f93468e932b
MD5 hash: 24964d67f0fd0a2c81a97a91bcb8a2d1
SHA1 hash: 452e8165c1c729f4f25dd4354d695eaa8a63c3f7

SHA256 hash: cb951f1d2b5460456aad0d89cef1216d9be5e51784d11a92447d43e96177bd5e
MD5 hash: 8cd5d2014866f4ef60802ff1826998a6
SHA1 hash: 8ff75946905d0b117080cc5a07e6e0bbea4e9bbd

SHA256 hash: 68ca18db30f17f4d18c26ce001af7f7f003238941f7d9269de4142dd2eafe613
MD5 hash: 3fa9dc58d0683b7666fa27b842d87800
SHA1 hash: f95a9e87567c66dc8feac9f42a9b86c1a0f5255b

SHA256 hash: 60379d971a1ea92ae69538a766898156703ecbe9180e52c27c9cc1eb3c6e53e3
MD5 hash: af5ad31a77b2607a26da301bdd1b4a3e
SHA1 hash: 86496247dff4842215070d41153676bfe49b3d58

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE

Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekshen
Description: AgentTeslaV3 infostealer payload

Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other