MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60c23ce76877e976902420611599637eea4a65f71502d8553fb2fb45e8c3cc19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 13


Intelligence 13 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60c23ce76877e976902420611599637eea4a65f71502d8553fb2fb45e8c3cc19
SHA3-384 hash: 589bca98e14f409d54a68b236a02c80dcad458751fb5599d39c477f1a3ddeba277bb7cf99818656ecf014083e0793ecc
SHA1 hash: e05546777bd1717c27c7c6adea072ddfa1b7574b
MD5 hash: f792128468a34fc63afa4a8a5b4848c9
humanhash: wolfram-indigo-oscar-sodium
File name:AWB_00000000000000000090.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:546'816 bytes
First seen:2021-10-19 12:39:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'454 x Formbook, 12'202 x SnakeKeylogger)
ssdeep 12288:/eHMyznzz6GT49mXnuV4+SvOOI7haJGR3KyHBM69Ab2xIM:/elznnB4lKxIcJGRNHBh9AbM
Threatray 12'020 similar samples on MalwareBazaar
TLSH T125C4E1047551E95FC86A4F3A84390C225A21A827430AF2936DD77FCFBDDE782861B367
Reporter lowmal3
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/198488/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.17696.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Creating a file in the %temp% directory
Delayed writing of the file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/616ebc70db358dd15ec469fa/reports/0a7f8450-cd19-4a9e-a891-83b36022ad97/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/245bbb97-50a2-48d7-b5f5-10af036d335e
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/873103
Signature
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/60c23ce76877e976902420611599637eea4a65f71502d8553fb2fb45e8c3cc19/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-10-19 08:30:05 UTC
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mdbdzz3io7uxnebeebqrlgldp3veuzpxcubnqvj7wl5ul2gdzqmq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
04d5ba1a9911aa253eac5cbce5c3b2368687e1d61c5da4adf12209ef0d427a76
AgentTesla
0628b671fed105b7e4aa6f1b8fd17fa24703e4442e661b6f0a56f69bfade1ecd
AgentTesla
4e19cfa6f22651da477ff949c3398fddc7dd903ea8d75eceac54b900d913ceb0
AgentTesla
67e900002f5cff55084abd74646c25e1d22cf652cb0142315ab4bdc2906aad53
AgentTesla
68c82784182c8cbb7e3106e1df62a90619357c509825b0c8cb3d6c92b6806817
AgentTesla
6f47301c8691d7f68ccf71931b8e2664fad0720d1f4d01f4bfda35cd1a076bd1
AgentTesla
8fcfe841647c5f4d3f10b59fa63b2e2dff841b4c5c39cbfa828146281e49ad77
AgentTesla
a08a2ea7f574259a68c3cc7d0ff2c1f46e9a57e9802cf5fc41803787564451e8
AgentTesla
bafd3e47fa1d4663d1a82e7b2fa706d5478980a6a2bc66e93bd5aa826f841ed5
AgentTesla
c05e310c646407fa733712a98c822a5416ca1124322429d8d2a90966e909a6b5
AgentTesla
+ 12'010 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/211019-pvqkbsgfgq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
924bc478c72cfae0efcab22111ee17a5a077a8c76462cc861682e13691fa7879
MD5 hash:
1f2499ef79416b798e6f5df0c27c3634
SHA1 hash:
c32b9a58d322d3c886f46eacce3e23c47ef8a47d
Link:
https://www.unpac.me/results/4fc7f8c2-37a1-4bcc-9a65-22d32140e217/
SH256 hash:
7b4ba24781e21b310e2749bc2f7a80b9670a4198a54d26e42079a6a1c1be6ae7
MD5 hash:
7b77d210bf6b00fd8ee8187198852052
SHA1 hash:
7f78d6294a269349fc9a49ad3c8ccb3c3d2665b4
Link:
https://www.unpac.me/results/4fc7f8c2-37a1-4bcc-9a65-22d32140e217/
SH256 hash:
6930433798692059d4dd15eb0d1e76833281fa7740506dffe658561bd8475258
MD5 hash:
af605eba14d78f0b20c430518f21bcb7
SHA1 hash:
35c16ce4d7c7c6a037cd1c4a25db57de09b1d168
Link:
https://www.unpac.me/results/4fc7f8c2-37a1-4bcc-9a65-22d32140e217/
SH256 hash:
60c23ce76877e976902420611599637eea4a65f71502d8553fb2fb45e8c3cc19
MD5 hash:
f792128468a34fc63afa4a8a5b4848c9
SHA1 hash:
e05546777bd1717c27c7c6adea072ddfa1b7574b
Link:
https://www.unpac.me/results/4fc7f8c2-37a1-4bcc-9a65-22d32140e217/
Malware family:
Agent Tesla v3
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/60c23ce76877/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/60c23ce76877e976902420611599637eea4a65f71502d8553fb2fb45e8c3cc19

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:AgentTeslaV3
Create hunting rule
Author:ditekshen
Description:AgentTeslaV3 infostealer payload
Rule name:MALWARE_Win_AgentTeslaV3
Create hunting rule
Author:ditekSHen
Description:AgentTeslaV3 infostealer payload
Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 60c23ce76877e976902420611599637eea4a65f71502d8553fb2fb45e8c3cc19

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/198488/

Comments