MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7763a867efe52a8933aa85a6d5627d10842c711bc027ff8e922f5edb53901520. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 14


Intelligence 14 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7763a867efe52a8933aa85a6d5627d10842c711bc027ff8e922f5edb53901520
SHA3-384 hash: 07287c7d437430f7d51a6ffe495ef5889bd28c4845c8c040c5c447a51ef8c251eb82f02af9e82093811a1c1803ad87b6
SHA1 hash: af666f7c8282a2edf2803214e63be1a99da5479f
MD5 hash: 66e800ac6f85bb27cd37da24c6655123
humanhash: king-hydrogen-glucose-solar
File name:AWB & Shipping Documents.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:981'504 bytes
First seen:2021-10-04 13:35:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:fmBKc9Bilo3NA30RQfQ5JHhuU6wHV+fVvuLD/ya2K046Mnq0UnsO5lJkKzUvoPUj:YkqaCt7K3Ut097Ii3CPsIQfR
Threatray 10'696 similar samples on MalwareBazaar
TLSH T1B2252A9053CB9EC4F07B2734B0121CE7A6FE660DE379CB1569963AC78DB6B40461DB88
Reporter adrian__luca
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AWB & Shipping Documents.exe
Verdict:
Malicious activity
Analysis date:
2021-10-04 13:38:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/90851cb7-b36a-4d36-b463-26db1f0e1d62

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/194657/
Detection(s):
SecuriteInfo.com.Artemis66E800AC6F85.21550.11458.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Launching a process
Creating a file in the %temp% directory
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/615c0ffbb95458900cdc606f/reports/bd6d587f-3f6b-4c4f-bb2b-1d87f188a689/overview
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8786cc1b-06e1-4bbd-9b51-824d6e7cbf73
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/864030
Signature
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/7763a867efe52a8933aa85a6d5627d10842c711bc027ff8e922f5edb53901520/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-10-04 13:36:09 UTC
AV detection:
17 of 27 (62.96%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o5r2qz7p4uvism5kqwtnkyt5ccccy4i3yat77dusf5pnwu4qcuqa._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
2056868a6d424e281762a3b4342bfff041ad23d30744a9a7365e04499788dfe5
AgentTesla
2159a5fe890c12ad6869f24c7e2a100e0712723c99fd7c48284cf9c28a6fee45
AgentTesla
582cbb61a7af84c06255bb0297bd6d0c2084258c57c2aa83e47473ae49cba1c1
AgentTesla
64c5ce215f635169c2dc793a3972365f5ce38981ea701a0369c8fac5adfd9a27
AgentTesla
755f9880585db4240c8f03cbbc99cbf6c174e33a62ed3130488633ea232c8924
AgentTesla
820c62207fb790251824280ec281caeb04dde02a3e0c895a9909f6e66c3fc2d4
AgentTesla
adf0bf2f5d0597baa563da5b5c9fb642de2c4eab7caae06a931f5f03d964861d
AgentTesla
cfb24eeee1fb9753433c3eeaf857ddc8f33512866a40ff22daf6c203adeee62d
AgentTesla
d153e8b542963a9c9ae3fa96421f2ec2c5779759d0a086f3545b7e9c91074476
AgentTesla
eae18a76068a44afb34840b90fd2b859468cdd28787c94e76abed52b9b21ed37
AgentTesla
+ 10'686 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/211004-qv874sgdc8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
3fea8c40aadded3608ea6558e862f47bc63c794c315706114636341438bb1ed2
MD5 hash:
d8f5722fe4a89ca76569ed029e12a05e
SHA1 hash:
f089fb14e1acc4b40d074a87068e7992d62d988b
Link:
https://www.unpac.me/results/4d7b42bd-b9d4-427c-ad4b-eec2836574e4/
SH256 hash:
43e38f251dbca9aa20f3470167e5427a7e7a7cdcd25f0b6b045ae8577cd3e345
MD5 hash:
f62ab5d3528d5a3b9e270ea1f9347868
SHA1 hash:
6a74e87711c615adbd9145f829a33f55b7e42dd6
Link:
https://www.unpac.me/results/4d7b42bd-b9d4-427c-ad4b-eec2836574e4/
SH256 hash:
18303576dbabf683804687c2900f240fd32134a61675115314170957c63c934a
MD5 hash:
ca0af8f727af374d35acb1febe760260
SHA1 hash:
0e64518767ccd188981b6628ee32cbd6742f2dc9
Link:
https://www.unpac.me/results/4d7b42bd-b9d4-427c-ad4b-eec2836574e4/
SH256 hash:
7763a867efe52a8933aa85a6d5627d10842c711bc027ff8e922f5edb53901520
MD5 hash:
66e800ac6f85bb27cd37da24c6655123
SHA1 hash:
af666f7c8282a2edf2803214e63be1a99da5479f
Link:
https://www.unpac.me/results/4d7b42bd-b9d4-427c-ad4b-eec2836574e4/
Malware family:
Agent Tesla v3
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/7763a867efe5/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/7763a867efe52a8933aa85a6d5627d10842c711bc027ff8e922f5edb53901520

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:AgentTeslaV3
Create hunting rule
Author:ditekshen
Description:AgentTeslaV3 infostealer payload
Rule name:MALWARE_Win_AgentTeslaV3
Create hunting rule
Author:ditekSHen
Description:AgentTeslaV3 infostealer payload
Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 7763a867efe52a8933aa85a6d5627d10842c711bc027ff8e922f5edb53901520

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/194657/

Comments