MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 660b6b031b26bce3820f343fe1f77a5114daa876455a25995a43cbf2ca2d0176. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 660b6b031b26bce3820f343fe1f77a5114daa876455a25995a43cbf2ca2d0176
SHA3-384 hash: d2df261f822c890a0be312ec4c98cef279e0a5bc76a1433ac60078a302ec1a79c405d0e54525b467e8a23ad4b476ff6b
SHA1 hash: 702212fc6027ddf9d94183b66acdee9163ac1431
MD5 hash: 27fc69a88710526ae5a3877988287d24
humanhash: island-robin-princess-pizza
File name:8160539.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:592'896 bytes
First seen:2022-10-05 08:34:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:EoIX6dz5TntnfmmK83XLQID143Gux5ICftvLDzmPdFQQ+OLYdrCO0Kb4Yt:EnX6d1TtnBc0iPiPdFZ+OLYdWOpsYt
Threatray 17 similar samples on MalwareBazaar
TLSH T1BCC46C2272A69289CC650F71593582C943753E2B7E38C64D346E71CEFB33A268733766
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter Anonymous
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
234
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/316761/
Detection(s):
SecuriteInfo.com.Variant.MSILPerseus.238216.8023.20934.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Forced shutdown of a system process
Unauthorized injection to a system process
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/a9cf2a45-6b15-4316-b783-4d9d077eddbe
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1083942
Signature
.NET source code references suspicious native API functions
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 716499 Sample: 8160539.exe Startdate: 05/10/2022 Architecture: WINDOWS Score: 80 19 Malicious sample detected (through community Yara rule) 2->19 21 Multi AV Scanner detection for submitted file 2->21 23 Yara detected AgentTesla 2->23 25 2 other signatures 2->25 6 8160539.exe 2->6         started        process3 process4 8 WerFault.exe 20 9 6->8         started        11 RegAsm.exe 6->11         started        13 RegAsm.exe 6->13         started        15 3 other processes 6->15 file5 17 C:\ProgramData\Microsoft\...\Report.wer, Unicode 8->17 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/660b6b031b26bce3820f343fe1f77a5114daa876455a25995a43cbf2ca2d0176/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-10-04 13:35:55 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
16
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=myfwway3e26ohaqpgq76d532keknvkdwivnclgk2ipf7fsrnaf3a._file
Verdict:
malicious
Similar samples:
341b6ff76b63e3e74b8fd97b301462f9a6544405946271b7766c4ff4c8c28150
AgentTesla
384b9f64f79052db685e1c7cdbf450b861d00b0ed42808ec9b688a604b53c5d2
AgentTesla
5c50b7e005524ede0a2c636b92a0933bc631c783bb8201e98dbdc52c390cd566
AgentTesla
5ff630bb32483baef5a0d497a5e37bff0484cdb5d3126ac959a931070ce61730
AgentTesla
66198eecb52a9fa1cdd7e2256ba7ebee5205ada5561663e3e5b805f4a5749ed5
AgentTesla
7d7157dafa1904a0d5331931d078f7058a11316863715581fa3db547198029e3
AgentTesla
9ba3f37b67b92faad989b9f328b13c5ad6e712678bc2e7e3f3284b82685c0eac
AgentTesla
a6a120ad08da9e3fbbcb491477914dae9901653122984bf29475d7b344b20e0d
AgentTesla
c3b9b17acd966a36e27681a32021b35e022cc0df29ee937c61dc766e87f9ecd0
AgentTesla
d127a960084b0950a8ceb5ea4d1ada28102a8a6934ed63838bde4c199e2baf31
AgentTesla
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/221005-kggm2sdgb7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/727121a6-a759-40a1-ab37-7d114489161d
Unpacked files
SH256 hash:
660b6b031b26bce3820f343fe1f77a5114daa876455a25995a43cbf2ca2d0176
MD5 hash:
27fc69a88710526ae5a3877988287d24
SHA1 hash:
702212fc6027ddf9d94183b66acdee9163ac1431
Link:
https://www.unpac.me/results/d7158b24-34da-4a15-a633-87e5bb7d4294/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/660b6b031b26bce3820f343fe1f77a5114daa876455a25995a43cbf2ca2d0176

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/316761/

Comments