MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 15

Intelligence 15 IOCs YARA 4 File information Comments

SHA256 hash:	60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b
SHA3-384 hash:	b4afba151a3eb519636e242495f1ad19e75cf2016650b3d2460910f810e036617590e8bd0abb84a50bbc6e6f65f31cc0
SHA1 hash:	daa505628487208501cefef0a040e665be8bd10f
MD5 hash:	164114dcc22f19edfcadfb6e764d4d07
humanhash:	kilo-december-steak-echo
File name:	60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	380'416 bytes
First seen:	2024-08-05 14:27:17 UTC
Last seen:	2024-08-05 15:17:53 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'610 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	6144:9mmHa7GAOEGRlLqEyJ4SWHOeptSlyRfBsMsX3fbfSEHUPr3vWYJ/b0rxiKO2bsA:ZHaqAtelGLJ4VHOxyRiMc3DfSEHWTWYE
Threatray	3'602 similar samples on MalwareBazaar
TLSH	T1B7841209B749C3B9E5BE0B7AA621C1A0137D76923572EB1C0C98517C2DE3391D293BE7
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10523/12/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter	adrian__luca
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

355

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b

Verdict:

No threats detected

Analysis date:

2024-08-05 14:47:34 UTC

Tags:

netreactor

Link:

https://app.any.run/tasks/e844e43a-15a8-45c5-9501-7c08a3b8b29f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=66b0e179037b02d0daedc027

Tags:

Static Msil

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a window

Unauthorized injection to a recently created process

Restart of the analyzed sample

Creating a file

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/66b0e19899ea8891b19139a0/reports/bd89368c-e5a9-4c3f-b66c-b84be3fd3f7d/overview

Verdict:

Malicious

Labled as:

Jalapeno.Generic

Link:

https://www.hybrid-analysis.com/sample/60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Agent Tesla

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/02832c33-84e8-44aa-b2a5-1bc04bd24ea3

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1488124

Signature

.NET source code contains potential unpacker

AI detected suspicious sample

Injects a PE file into a foreign processes

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b/

Threat name:

ByteCode-MSIL.Trojan.Jalapeno

Status:

Malicious

First seen:

2024-07-28 03:48:00 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

25 of 38 (65.79%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mc5obcczsrae5hh5ear4iow4ocjol2eivpkzmk2rnd5qhpbujm5q._file

Verdict:

malicious

AgentTesla

4e25695bab3ab85fc29d5ec8858b9caefe193916eabe0d7bfc18059cb23c6757

AgentTesla

60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b

AgentTesla

a9b2c3cfd1964fc818c4ba2955f17482db01a5e6130dcbdc93272c34ddb31343

AgentTesla

+ 3'592 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/240805-rs1cvssflf/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/12ca3cc5-2aa2-4755-95e6-f91c8391f85c

Unpacked files

SH256 hash:

2bc9c9e720c2a10ff68f9f83925a68fdea40d4bc00c17624d4802353015980f3

MD5 hash:

b917da707eb9f3b064535942b5d2673d

SHA1 hash:

c8ebe037d4bd3497aa0be25e481b529a656535b5

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/e1cd8bfe-60d2-43ce-a836-5fa656acedb2/

SH256 hash:

d1b7503d102f7db3a5be41f720b63a2f8ba6e87de5b9231773750710dd90a8c7

MD5 hash:

e1184ed5e43fec8af9a7aca7447e15bf

SHA1 hash:

b7114853ce1bfa8e590445db19d3df91b1d4cadd

Link:

https://www.unpac.me/results/e1cd8bfe-60d2-43ce-a836-5fa656acedb2/

SH256 hash:

596757edef24c9651ed2a67a02d8f5ccdfee9e140f40f28376ed8d23548eda28

MD5 hash:

fd1d42a26d76c8eaa876394100f4d235

SHA1 hash:

82da14aa6ffa1a89bbf4b8703a6e6b858302e4e8

Link:

https://www.unpac.me/results/e1cd8bfe-60d2-43ce-a836-5fa656acedb2/

SH256 hash:

39d7476e012f4c4c9252af88cfdf03ae469d9f23eab99996d2cf237aa0f1f6e5

MD5 hash:

28f0690ead0b7e6a9a509933a4b823af

SHA1 hash:

6d451b9e7455bb5f8672b915af3e91a5738d9355

Detections:

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/e1cd8bfe-60d2-43ce-a836-5fa656acedb2/

Parent samples :

8b966a4b7e420e922ebe8ad8f77bf30b86704fe6b9c89021c56f898f566434d0
078b3704bde85e8ad84e4c21ca910f5d5367843bbecc2a384acc3fd89cd3553c
60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b

SH256 hash:

60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b

MD5 hash:

164114dcc22f19edfcadfb6e764d4d07

SHA1 hash:

daa505628487208501cefef0a040e665be8bd10f

Link:

https://www.unpac.me/results/e1cd8bfe-60d2-43ce-a836-5fa656acedb2/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/60bae0885994404e9cfd2023c43adc7092e5e888abd5962b5168fb03bc344b3b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample