MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ec6d3425cc3bdc664f5938119469a2947ad061dac33fafbd303998c9311a254. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 6ec6d3425cc3bdc664f5938119469a2947ad061dac33fafbd303998c9311a254
SHA3-384 hash: d865358eb40559eeaf8a48e414c7bcecd2cd596662f66353dc27a76c63cd8cee1b66dddea244e51596fb09ecceeae207
SHA1 hash: ab7012926ad82123cb8adc0897139074d592610a
MD5 hash: 6e4b4f63741c30915858d44175b6abef
humanhash: texas-kansas-kansas-pluto
File name: 6ec6d3425cc3bdc664f5938119469a2947ad061dac33fafbd303998c9311a254
Signature: AgentTesla
File size: 2'458'752 bytes
First seen: 2020-06-17 08:51:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla)
ssdeep: 49152:O61y7e5AAOgEeSkaQ2vEGy8872Yoe0jbKH9IS5VurQcmd4uetJ+Se:uG3DT28GJ872heEeHjBp4tFe
Threatray: 1'027 similar samples on MalwareBazaar
TLSH: F3B52302B2C2C9B0D6321935D929E7B65A7D7C149F30E61F73D47D28BA715C2B620BA3
Reporter: JAMESWT_WT
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Occamy
Status: Malicious
First seen: 2020-06-15 09:40:44 UTC
File Type: PE (Exe)
Extracted files: 26
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Looks up external IP address via web service
Loads dropped DLL
Drops startup file
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.