MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b0bde8e3b951658063f012258ab40464eed901536292332451554d45b8e17cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6b0bde8e3b951658063f012258ab40464eed901536292332451554d45b8e17cd
SHA3-384 hash: 22d705a34302acb7afc5d7793fdc7df2f12818b58c2431f4263d72cbc216c74dbb83b9cdf9b0f74e6868163e7eb66342
SHA1 hash: 6945c40cbf98599a8659ddb7be1e0baf77b24ae1
MD5 hash: cf8773a4d5b5367a2a44a5a84b87e719
humanhash: spaghetti-violet-cola-three
File name:SecuriteInfo.com.W32.AIDetect.malware2.3013.17177
Download: download sample
Signature AgentTesla
Create hunting rule
File size:331'280 bytes
First seen:2021-07-27 04:35:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 19abb3665ae1ff2bd877ad7bd730dcae (3 x Formbook, 2 x Loki, 1 x AgentTesla)
ssdeep 6144:Wd53TvpHeIl0OpnODbrg+JcMwBkyezriqUO4nRcPq5P2kIadi75jhKneUXjo6tM5:Wd53TvpHeIl0OpnaJcBknuqd4nnYlaMX
Threatray 7'395 similar samples on MalwareBazaar
TLSH T1A064DF097364CA9BE0151370D849CC3F4AB5AA71375FD3DBB2C069EB7622BC56C12A36
dhash icon 70d090b2ca9cf870 (2 x Formbook, 1 x AgentTesla)
Reporter SecuriteInfoCom
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.AIDetect.malware2.3013.17177
Verdict:
Suspicious activity
Analysis date:
2021-07-27 04:39:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a71bdd72-1ee3-456e-9312-4d9be2516500

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/174224/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.3013.17177.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4195ba36-c504-439c-ad62-d179761d2cb2
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/822104
Signature
.NET source code contains very large array initializations
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Found malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2021-07-27 03:41:00 UTC
AV detection:
10 of 46 (21.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nmf55dr3sulfqbr7aerfrk2aizho3eavgyusgmsfcvkniw4oc7gq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0ec33a389aa412cdb6e7572d8ead37808814409609e423d67a9cf1f364d766fe
AgentTesla
21b7caf5f732c0b5927cec1c22391c81dcc13114128f36bedbce750f214c959d
AgentTesla
7a97d4b8f134c45154aedab0230867952cc203fd283dca4700258edc86efb1e9
AgentTesla
81453065bd00296f689d548aba1571a2fae836d7708089a46c62a0045ff1baa6
AgentTesla
9118a3603bd00a677536dc8f29fe954ffb9d3479f29b9d0ddfe829e5d20d4bc1
AgentTesla
b7964a89e6a2241d174412de89aefa5cea84f723413cdfe5b2ad6aec40e7a54d
AgentTesla
c42b7b1630553baa3aeb65e40b04244910822c175e9b6cb3f7f365264171196b
AgentTesla
cb39ca4eb7f5c23639bf05752a6e57f28346b35ad175845b2ed0a5caa019fe77
AgentTesla
dc5d2c1e1e0bbce8f84b0ef295b9187c98d514765c92ddb720ed17322789a09f
AgentTesla
+ 7'385 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210727-b9chd3l6ce/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
e2bdcd8253d866e496af8eea8006a1b46ecb1f3f8884fc7b4acff5cd6de29931
MD5 hash:
0738f967fb77e8dd88454af8b6d01e3e
SHA1 hash:
8c547caf29069dd8998cb8cf182732a103437d31
Link:
https://www.unpac.me/results/daa58983-1ad9-4e05-bb02-b76d82d756ab/
SH256 hash:
6b0bde8e3b951658063f012258ab40464eed901536292332451554d45b8e17cd
MD5 hash:
cf8773a4d5b5367a2a44a5a84b87e719
SHA1 hash:
6945c40cbf98599a8659ddb7be1e0baf77b24ae1
Link:
https://www.unpac.me/results/daa58983-1ad9-4e05-bb02-b76d82d756ab/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.63
Link:
https://yomi.yoroi.company/submissions/6b0bde8e3b951658063f012258ab40464eed901536292332451554d45b8e17cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/174224/

Comments