MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f8ffadcf0f82a71167f9c5550251d7e2e8f82087f7025c09896c3d5319561f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 7



SHA256 hash: 6f8ffadcf0f82a71167f9c5550251d7e2e8f82087f7025c09896c3d5319561f2
SHA3-384 hash: 6a99e157f5b105d92c953f2aecaca46289089cc67be07ea1870aa1727c2138d013b871ae211a13980aadddd705134e91
SHA1 hash: f16e55941e642d8bfa71e2644c37dab3ccc39e5e
MD5 hash: 723386f559ec2257ab9e2ffacc882daa
humanhash: muppet-queen-september-dakota
File name: Please treat as urgent.exe
Signature: AgentTesla
File size: 932'352 bytes
First seen: 2020-07-19 09:11:39 UTC
Last seen: 2020-07-19 10:00:02 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:RJrMnqjzGYIdjMxMSo15GXacXYp3uyAjrMnnmbB125G+nDDLrOyjYX2iFixvTD2S:nrvxguwcLjrtB12RnD7OLXG
Threatray 178 similar samples on MalwareBazaar
TLSH 06155BF7A74991CEC49FDEBCC4820B704987ED81E1F9920B02537C36767A7A1D9850AB
Reporter abuse_ch
Tags: AgentTesla exe


abuse_ch
AgentTesla SMTP exfil server:
smtp.yandex.com:587
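A triage script for this entry, added here as an example and not code from MalwareBazaar or from this page: it recomputes the four listed digests for a file (hashlib covers SHA256, SHA1, MD5 and SHA3-384; ssdeep, imphash and TLSH need third-party libraries and are left out) and scans connection log lines for the smtp.yandex.com:587 exfiltration endpoint named in abuse_ch's comment. The hash values and the host:port come from the entry; the file bytes, the log lines and their key=value layout, and the mail-relay allow-list are constructed for the demo.

```python
"""IOC triage for the MalwareBazaar entry above (added example, not MalwareBazaar's code).

Two checks a responder usually wants from such an entry:
  1. does a file on disk match any of the listed hashes (SHA256/SHA1/MD5/SHA3-384)?
  2. does a connection log show the SMTP exfiltration endpoint smtp.yandex.com:587?
Only the hash values and the SMTP host:port are taken from the entry; the sample
bytes and the log lines are constructed for the demo.
"""
import hashlib
import re

# Hashes copied from the entry (lower-case hex).
ENTRY_HASHES = {
    "sha256": "6f8ffadcf0f82a71167f9c5550251d7e2e8f82087f7025c09896c3d5319561f2",
    "sha1": "f16e55941e642d8bfa71e2644c37dab3ccc39e5e",
    "md5": "723386f559ec2257ab9e2ffacc882daa",
    "sha3_384": "6a99e157f5b105d92c953f2aecaca46289089cc67be07ea1870aa1727c2138d013b871ae211a13980aadddd705134e91",
}
# Exfiltration endpoint from the reporter comment.
EXFIL_HOST, EXFIL_PORT = "smtp.yandex.com", 587


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists, in one pass over the data."""
    digests = {name: hashlib.new(name) for name in ENTRY_HASHES}
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def matching_algorithms(data: bytes, iocs: dict = ENTRY_HASHES) -> set:
    """Return the names of the algorithms whose digest of `data` equals the IOC value.

    An empty set means the file is not this exact build; it says nothing about
    other AgentTesla variants, which is what the fuzzy hashes are for.
    """
    computed = hash_bytes(data)
    return {name for name, value in iocs.items() if computed[name] == value.lower()}


# Constructed firewall-style log format: "... src=<ip> dst=<host> dport=<port> ...".
LOG_LINE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def find_exfil_connections(log_lines, allowed_mail_hosts=frozenset()) -> list:
    """Return (src, dst, dport) for connections to the exfil endpoint from hosts
    that are not known mail relays.

    AgentTesla exfiltrates over a legitimate mail provider, so host:port alone is
    noisy; the allow-list keeps the corporate relay from being flagged.
    """
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        src, dst, dport = m["src"], m["dst"].lower(), int(m["dport"])
        if dst == EXFIL_HOST and dport == EXFIL_PORT and src not in allowed_mail_hosts:
            hits.append((src, dst, dport))
    return hits


# Constructed log lines for the demo (not from any real capture).
SAMPLE_LOG = [
    "2020-07-19T09:12:01Z action=allow src=10.0.0.15 dst=smtp.yandex.com dport=587 proto=tcp",
    "2020-07-19T09:12:03Z action=allow src=10.0.0.15 dst=www.example.com dport=443 proto=tcp",
    "2020-07-19T09:12:05Z action=allow src=10.0.0.2 dst=smtp.yandex.com dport=587 proto=tcp",
]

if __name__ == "__main__":
    data = b"constructed benign bytes, not the sample"
    print("hash matches:", matching_algorithms(data) or "none")
    # 10.0.0.2 plays the role of the legitimate mail relay.
    print("exfil hits:", find_exfil_connections(SAMPLE_LOG, allowed_mail_hosts={"10.0.0.2"}))
```

A hash match confirms only this exact build. The imphash, ssdeep and TLSH values above are shared across tens of thousands of AgentTesla, Formbook and SnakeKeylogger samples, so they are the better pivot for finding siblings, and a hit on smtp.yandex.com:587 needs process context (which executable opened the socket, whether it was spawned with a hidden window) before it is treated as exfiltration rather than a user's mail client.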

Intelligence


File Origin
# of uploads: 2
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-19 06:59:07 UTC
AV detection: 34 of 48 (70.83%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Reads user/profile data of web browsers
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Please note that we are no longer able to provide a coverage score for VirusTotal.
