MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 740b1a3850fd5c6aedde9f7e415c9c7dd5aa38b38aad5922c16d9b84995d196a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 740b1a3850fd5c6aedde9f7e415c9c7dd5aa38b38aad5922c16d9b84995d196a
SHA3-384 hash: 8a4f6d0e3f24c2fbf7b77b2f1e5e8dca2a7b11430ee797ef4a7147d8c10d106aaeb3a04b497e919cc79ee80a8a553f6a
SHA1 hash: 7edf39719e8b09dc40f737da37b5784acd51def5
MD5 hash: 59d67c07a49993ee60a7ada838b4321f
humanhash: single-cup-oscar-alpha
File name:EWDC99575757.COM
Download: download sample
Signature AgentTesla
Create hunting rule
File size:640'512 bytes
First seen:2021-04-13 12:52:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:gfpPkxu2kWrkUkLUd9AUqFrK0frwo6l0lUCmhlWK:UhUuttUT9AUwrK0frwrbCmnN
Threatray 3'942 similar samples on MalwareBazaar
TLSH 6AD4E0E52B06D72CD969D778144141E133E3BC1196DADAC9BEC03D9E746B242C2EF2B2
Reporter cocaman
Tags:AgentTesla com

Intelligence

File Origin
# of uploads :
1
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
EWDC99575757.COM
Verdict:
Malicious activity
Analysis date:
2021-04-13 12:56:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/673c941a-ab6e-4291-9735-2270b8c2966f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/133967/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.646-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/674284
Signature
.NET source code contains very large array initializations
Adds a directory exclusion to Windows Defender
Found malware configuration
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/740b1a3850fd5c6aedde9f7e415c9c7dd5aa38b38aad5922c16d9b84995d196a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-13 11:58:11 UTC
File Type:
PE (.Net Exe)
Extracted files:
16
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oqfruocq7vogv3o6t57ecxe4pxk2uoftrkwvsiwbnwnyjgk5dfva._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1be6dc89ef7b01bdc6563c86c36e84b7560d85bab73d7186e2f223550461c5c4
AgentTesla
2ed9419745b241cf13d90594e91ea9c8a5701181e1b2c2e3ccdbd91f5b8e9ed8
AgentTesla
3a1abb4137e233c388549442065bb6329c2ac72bace2c89f95a3b13b3120d8b4
AgentTesla
3b38da2795ab7148dabc9e9c5326305725793b0832a8c608f8387f0089914145
AgentTesla
3bb4ba1af57ec635228b43c11b676612091f37e15b6578fca48e9a14195a9cd5
AgentTesla
78e458ae8ef10267738b8b1b1591fc5ace8bbb126d415124b1f067ad98a4801e
AgentTesla
8392af9cff73aab10a60befd359d4ca2638d6a936071285579147303bb453497
AgentTesla
9c7002e97c59c4c190abb09e373a5f1010b4790dbcb714e792538e73820d5609
AgentTesla
d21652e5c2460a23b225dc870a0ca5366f341ee079f63edf01e85bd8fc43f4ac
AgentTesla
e662cf42ad68f990971d60274c796013df8adadcf2743debd7e3e21c4400f949
AgentTesla
+ 3'932 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210413-lptgh482q6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Unpacked files
SH256 hash:
5e0f3da625a479a5e7e807b5f09c889d95474139410b312ba3a39bcb05976729
MD5 hash:
3d20c2ea9ac04e1707f853bb1780bc18
SHA1 hash:
805e90b023eb92d44bbe11daefce6edbe872cb74
Link:
https://www.unpac.me/results/7735d817-a4a5-4a3c-a5c0-6fc5bbe2bcbc/
SH256 hash:
740b1a3850fd5c6aedde9f7e415c9c7dd5aa38b38aad5922c16d9b84995d196a
MD5 hash:
59d67c07a49993ee60a7ada838b4321f
SHA1 hash:
7edf39719e8b09dc40f737da37b5784acd51def5
Link:
https://www.unpac.me/results/7735d817-a4a5-4a3c-a5c0-6fc5bbe2bcbc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/740b1a3850fd5c6aedde9f7e415c9c7dd5aa38b38aad5922c16d9b84995d196a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar f2151588f65d2c67edef42954eab24f6812012fd88b8cf155e12c4b991c4a3fc

AgentTesla

Executable exe 740b1a3850fd5c6aedde9f7e415c9c7dd5aa38b38aad5922c16d9b84995d196a

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 f2151588f65d2c67edef42954eab24f6812012fd88b8cf155e12c4b991c4a3fc
Cape
Cape
https://www.capesandbox.com/analysis/133967/

Comments