MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 679ebf79dd090c45ab0777aea92e3f2dc6b8199eb8cd17fb7ca50e6239ccb62e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	679ebf79dd090c45ab0777aea92e3f2dc6b8199eb8cd17fb7ca50e6239ccb62e
SHA3-384 hash:	66dd991b2b88754acd550f18a44d865f82601aeba5e1e53773fa4c6bf1fe11b8089a6765c22aa938c37cc3d138c37ba0
SHA1 hash:	6968307b8024e0b9af160707bd866fdefaaa8683
MD5 hash:	20b7257cd015a294f969fee220f00bd8
humanhash:	ohio-timing-hydrogen-table
File name:	20b7257cd015a294f969fee220f00bd8.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	935'936 bytes
First seen:	2021-04-22 06:16:18 UTC
Last seen:	2021-04-22 07:19:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep	12288:0md5xpG2ZCZiZgzRRRRRrKo6EPNvn7iJBiwz1epGf/QU7TkJn6DCqWKM:0AGFRRRRRONEl/7ABiwoQ/3wUWqp
Threatray	407 similar samples on MalwareBazaar
TLSH	24159E41B2A9C8BAE41723F1D896E4F422917D45EA22912F359F7E1F75F335210A3E0B
Reporter	abuse_ch
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

116

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

20b7257cd015a294f969fee220f00bd8.exe

Verdict:

No threats detected

Analysis date:

2021-04-22 06:56:11 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1bfb0b22-1715-417e-bb4a-1489e27dd051

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/143542/

Detection(s):

SecuriteInfo.com.W32.MSIL_Kryptik.DVA.genEldorado.29307.29549.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/692345

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/679ebf79dd090c45ab0777aea92e3f2dc6b8199eb8cd17fb7ca50e6239ccb62e/

Threat name:

ByteCode-MSIL.Spyware.Noon

Status:

Malicious

First seen:

2021-04-22 07:21:04 UTC

AV detection:

14 of 29 (48.28%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=m6pl66o5begelkyho6xkslr7fxdlqgm6xdgrp634uuhgeoomwyxa._file

Verdict:

suspicious

Similar samples:

25b27bf77a7d59f3bdc13c4462475432d4f4592973bf5b2e4f8c42cda3d89457

704bd3f6c7d6671e896d71bc871f415cfc78209ae32cc518e95e39e7c06f83ad

8306ecd76526e6df50a00decb52227baf35cebc06651ef7e449ace2379ec39cb

ba2915e301b95f709a0908fc0cb97a4226848f48e98af7172e246a3aff4e244f

bd299f37aa9e98b1f42640c6c588b65fb932abd4c3c4b7d258e37be327ae60a4

c4694ce810c06b60cd032b8ff67964924a0c273a81f8ca5ce55064cf9fb6ec0a

c5f61a493b7fd20696bacb1d153c97b9d36ef692b539c7354e73940e9856328c

dacbe7aca7fdbfcae4a604018f5dc3e182709d5e8eb81a07a454ff376a6b9f25

f27dfa34490a595f8ad99b083d4b0e3147b183c651e41760b038339e441b8582

f3b2b42ef8cec0923c1775d70e26d43577f386e0080b5e3215f608dd33e75313

+ 397 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/210422-h9e575cpc6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.35

Link:

https://yomi.yoroi.company/submissions/679ebf79dd090c45ab0777aea92e3f2dc6b8199eb8cd17fb7ca50e6239ccb62e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 679ebf79dd090c45ab0777aea92e3f2dc6b8199eb8cd17fb7ca50e6239ccb62e

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/847209/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/143542/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample