MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61a82a7cb29365a6ece69b6cdf60f03abec86782ede46e9d3908f122b2e251a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61a82a7cb29365a6ece69b6cdf60f03abec86782ede46e9d3908f122b2e251a5
SHA3-384 hash: a517f1b6083c8407d480f39ee5628ee5913ba3041d5f2d0aa26c3c6597e941f8f723c24f7a689cccee4fbdf596d65c7a
SHA1 hash: 41f0d98adb1c4e3a8f044bb07d6be79d5811061e
MD5 hash: 2f3446e4cfbd31cfd4e38ca5dbb5b749
humanhash: louisiana-mexico-jersey-fish
File name:DECEMBER ORDER SHIPMENT_CREATIVE.EXE
Download: download sample
Signature AgentTesla
Create hunting rule
File size:157'184 bytes
First seen:2020-11-03 09:50:39 UTC
Last seen:2020-11-03 11:57:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 1536:tNjoSNuSWc56hjd+7leniOcGMyovzuczl9ixgC1ulwHSMVly3dplLOXonTJ7xqNj:njjFWvm9ixpUuHd7mzlLOXs/GKrHz8
Threatray 145 similar samples on MalwareBazaar
TLSH 69E3F7A460AAD451F52B4835E2A9FEF001B3BD87CAC51E17636CFD213BF97823A0554E
Reporter cocaman
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/82003/
Detection(s):
SecuriteInfo.com.Generic.mg.2f3446e4cfbd31cf.27561.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Creating a window
Using the Windows Management Instrumentation requests
Reading critical registry keys
Stealing user critical data
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/519023
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/61a82a7cb29365a6ece69b6cdf60f03abec86782ede46e9d3908f122b2e251a5/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-03 09:52:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
12
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mgucu7fssns2n3hgtnwn6yhqhk7mqz4c5xsg5hjzbdysfmxckgsq._file
Verdict:
unknown
Similar samples:
06001437f8438e2f8d4027e4e0661e605fc37388098043e1391c7bc3abec6d2e
AgentTesla
228264e8f57dc120e866db9789ed5cf7456a486024dcd6d83a60c0b02cc11158
AgentTesla
25bfba7555f3b542adc0b1384711da8e2e44b5fa8141866eae52a3e81efb6954
AgentTesla
2b0e2a9e4f83a721d5d5305be3a7a3e075d2827af90562bf41c1a73a7dead657
AgentTesla
4988575523d9a0fe1fc226f972e930cf597cf8c001b306d07d7cc5750a45e38b
AgentTesla
6853956661336de789939b113160c9316bc33c213c6633cc98636f107616e538
AgentTesla
9ac4ff140a5b0cfe898c7f1eee2bc53cef1f4db03b7fc5c5f502d3a87f7c9393
AgentTesla
b78257912955d636db85f7fc299662ebd040df5c2919f2614e52aaf511b54d05
AgentTesla
d40978f6bcf9982f5d3147ce9717eb72435068525b91cad816cafd7cb4711bbf
AgentTesla
e630c1d94550061dccd1da06e50b378915870ce4630d646696e9b62fc1e9a8ff
AgentTesla
+ 135 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/201103-96lqa81qnj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Legitimate hosting services abused for malware hosting/C2
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
61a82a7cb29365a6ece69b6cdf60f03abec86782ede46e9d3908f122b2e251a5
MD5 hash:
2f3446e4cfbd31cfd4e38ca5dbb5b749
SHA1 hash:
41f0d98adb1c4e3a8f044bb07d6be79d5811061e
Link:
https://www.unpac.me/results/038c8de1-90f6-4887-a2dc-af60b122b097/
SH256 hash:
22ce7aff39c5acb3c060b20999dc09f370eb6f0ecc1425845ddd809641fdbe1f
MD5 hash:
557dec414cc1e7cf916a34e64d54714e
SHA1 hash:
769d885b4852a6f26ceb2ca8dd77b4f8624658ce
Link:
https://www.unpac.me/results/038c8de1-90f6-4887-a2dc-af60b122b097/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/61a82a7cb29365a6ece69b6cdf60f03abec86782ede46e9d3908f122b2e251a5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 35aa4644b715101d5d6fef17b5eeefc6e0188c7f75a68f8c6a24a89c398a7563

AgentTesla

Executable exe 61a82a7cb29365a6ece69b6cdf60f03abec86782ede46e9d3908f122b2e251a5

(this sample)

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/82003/
  
Dropped by
SHA256 35aa4644b715101d5d6fef17b5eeefc6e0188c7f75a68f8c6a24a89c398a7563

Comments