MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7621960b2d451440e87f6918372fb79ca271a2ef4a1911c9cceae687a5900e70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7621960b2d451440e87f6918372fb79ca271a2ef4a1911c9cceae687a5900e70
SHA3-384 hash: 3a60e2e2219c48821e43bdc0c1b39d124008ce879960cabb0713effa9bd5485cabc8b4348ea00b380db45f05a2156a61
SHA1 hash: 8f7471f055d3bab8c01c1cf4613562c5b611a034
MD5 hash: 6a939b6649c36c804d01e8c8b3c59808
humanhash: winner-stream-beryllium-aspen
File name:SecuriteInfo.com.Scr.Malcodegdn30.32338.27167
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'068'544 bytes
First seen:2021-06-10 13:54:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:gWC7D+t5WqwjGXFb59+8fc4sW28QtmGNeBUdt:g+lwyXFj9fSrt/wBU
Threatray 76 similar samples on MalwareBazaar
TLSH 6235012263888F09F4BF737D6520010527F4F027E716D78DBCF155EE0966E818AB79AA
Reporter SecuriteInfoCom
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Scr.Malcodegdn30.32338.27167
Verdict:
Malicious activity
Analysis date:
2021-06-10 14:13:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7085822c-ef53-41b4-bf2d-02dec00d5b76

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/165881/
Detection(s):
SecuriteInfo.com.Scr.Malcodegdn30.32338.27167.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/800234
Signature
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7621960b2d451440e87f6918372fb79ca271a2ef4a1911c9cceae687a5900e70/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2021-06-10 10:07:56 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oyqzmczniukeb2d7nemdol5xtsrhdixpjimrdsom5ltipjmqbzya._file
Verdict:
unknown
Similar samples:
059683bd8243f48593d29ec0c67f7e168366e68248e0965fd81dc56e0210bbcc
AgentTesla
26a0913c70fe7c2852dda7fb0d9dd44b2575735b124fc2c3f47e36d51c7f9250
AgentTesla
3757916ed7256d3103f25e7416ad4268032a71fb0de2e8be126a563c0d54b65b
AgentTesla
3f6a83e5c484e9d495e3f29ffcedc2881690d54a7058e5c677e3feda66ed96fe
AgentTesla
3fb68ad9906db0696465ec93af5f162d8880eb072c1ac8f33380f40687c00201
AgentTesla
62dcf057c97a9885ce30fea7929614615f3603210712ff3eaebc5facf1d67566
AgentTesla
6bbd8446dbf106cde98439b5d1c0a6bc2fe2d6dc3116e7fa6190c3e22de28623
AgentTesla
73e5b50b261f0d3f8e31c4cd387f86be97b206b9a5cda3dfe0122618bce85151
AgentTesla
887b8a4cd2fffd25bc19ead0d57843f248a7534dd29a13498cb091419cc5b49d
AgentTesla
c85b0be486eca03592e8d13cddba71a6ef688073a791dd1d55ff0697f28064b4
AgentTesla
+ 66 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210610-psfjhxv4da/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Unpacked files
SH256 hash:
e987e066b6b1ca5c3698a367d405b671a7f33e388289cb6b191faf4796478596
MD5 hash:
8b3814abb5e9cd9fb5da34bc71a4afc2
SHA1 hash:
8005c030dd9d0c1f146d18c4597f0a0f55e16577
Link:
https://www.unpac.me/results/a44727d4-0e13-4a95-9959-417a764f0a7c/
SH256 hash:
7621960b2d451440e87f6918372fb79ca271a2ef4a1911c9cceae687a5900e70
MD5 hash:
6a939b6649c36c804d01e8c8b3c59808
SHA1 hash:
8f7471f055d3bab8c01c1cf4613562c5b611a034
Link:
https://www.unpac.me/results/a44727d4-0e13-4a95-9959-417a764f0a7c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7621960b2d451440e87f6918372fb79ca271a2ef4a1911c9cceae687a5900e70

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/165881/

Comments