MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c838b83ecff0d930f544dc8b10c9e856e2d601bb2552f01cc6c8dd57c2f99ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 11


Intelligence 11 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6c838b83ecff0d930f544dc8b10c9e856e2d601bb2552f01cc6c8dd57c2f99ce
SHA3-384 hash: 715b018e3f079527a4c108fc40352607b7ef504461a36de7330c00f39865df5b733df2be1ada96f951c74c8d4f32fe9c
SHA1 hash: 4befa0261ed66622c3b0d4ffea5299049f895a54
MD5 hash: b1e9ae91515bd1908fbd56f4dc456aa4
humanhash: jig-leopard-washington-yankee
File name:PEDIDOS RETRASADOS 0706.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'262'592 bytes
First seen:2021-07-07 12:40:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:yG80pGODJZlP/xtUFxpR8AeRjaDq41Ucou0biYuWOBfWlB:3GsP/HUFxpR8AeRCqpbiBBBE
Threatray 6'933 similar samples on MalwareBazaar
TLSH 2D45DF7A30328A92DEAFC7F94731561E4F6CAFFEA14BB6741884757800F0B5D4A5182B
Reporter malwarelabnet
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
175
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PEDIDOS RETRASADOS 0706.exe
Verdict:
Malicious activity
Analysis date:
2021-07-07 08:02:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5b0aeae2-55fd-48a7-97e2-aafd73e07f47

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/170183/
Detection(s):
SecuriteInfo.com.W32.MSIL_Kryptik.DLO-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fd0c98c3-bf98-48c8-baf4-6511be8fe1f5
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/812741
Signature
.NET source code contains very large array initializations
Found malware configuration
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/6c838b83ecff0d930f544dc8b10c9e856e2d601bb2552f01cc6c8dd57c2f99ce/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-07 08:08:07 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nsbyxa7m74gzgd2ujxelcde6qvxc2ya3wjks6aomnsg5k7bpthha._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
05ceea8a97719ab46d9d2c369a69c4afcc0e57321ff59b20014c11802b052958
AgentTesla
10c6a742e567562542935546814cc76b828aab283eddc43a5d1a09d9c128a6b6
AgentTesla
310b0037e8395eafa4f15bf3c09983052f68fa5490bb0670562f71f426002bb4
AgentTesla
4f6160e4c934ebea2ec7628b06c97b7995d0b4378f817adfadb15c90c3edb202
AgentTesla
50f90f15051f6b67b24f50b1f339e8eb40a513ce175f5ce12f6f2a7341d1785b
AgentTesla
5776326232f8948c3e3bbbbb80ff0b1f50fc12df854c6eec11af2d4a0a9666f2
AgentTesla
61746b9dafb79e16f8596f5cc55293042ff30813eb717ce28798db708204006c
AgentTesla
e8ac3ec1635db76942a09b304a3588e68a54211bc87409d836d52c2d7ad4cd98
AgentTesla
eaafd1f5bbc5cc71afd88af3e8cad44b766210283b8e2e376ed3b829de4c4ba7
AgentTesla
fc166af65772a1d1402c921cd81c5711d1e49abdd78e08ecf546626974d57314
AgentTesla
+ 6'923 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210707-ghzpa65xe2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
3d78e8de9182250f02ca4049c017a3d0b1c9137228d4c1db7c98e61d59b05875
MD5 hash:
03dc93922629b2b7f246f1bd1cdaa9fe
SHA1 hash:
ce815e0087c06e17ed6284e3cf8e64162c40e899
Link:
https://www.unpac.me/results/3b98d9dd-5cc2-4cda-9857-87f55b96ee4f/
SH256 hash:
a66ee633114f494b1ad66c086d26068e42e2cfd67cfb58490f618946774c3450
MD5 hash:
6967bbc834e4e48ca67f7c3695e2a1f2
SHA1 hash:
1ca662578e1f9f8b16c699a229746d8c4c57157e
Link:
https://www.unpac.me/results/3b98d9dd-5cc2-4cda-9857-87f55b96ee4f/
SH256 hash:
f411d9e2cc3ff5c2cbdafe77da2f240ff98de837a014d5db0dec9fc4805ebc13
MD5 hash:
cf5abb93750f1d1b2838a3bd2701a4ef
SHA1 hash:
02641a72a30caec80b7843b6dac18a5571632460
Link:
https://www.unpac.me/results/3b98d9dd-5cc2-4cda-9857-87f55b96ee4f/
SH256 hash:
6c838b83ecff0d930f544dc8b10c9e856e2d601bb2552f01cc6c8dd57c2f99ce
MD5 hash:
b1e9ae91515bd1908fbd56f4dc456aa4
SHA1 hash:
4befa0261ed66622c3b0d4ffea5299049f895a54
Link:
https://www.unpac.me/results/3b98d9dd-5cc2-4cda-9857-87f55b96ee4f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6c838b83ecff0d930f544dc8b10c9e856e2d601bb2552f01cc6c8dd57c2f99ce

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:MALWARE_Win_AgentTeslaV3
Create hunting rule
Author:ditekSHen
Description:AgentTeslaV3 infostealer payload
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/170183/

Comments