MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 77b15774854302e9210104737f4e0e4d6cf28b9354a0a7a47cfacc73865b9882. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
AgentTesla
Vendor detections: 6
| SHA256 hash: | 77b15774854302e9210104737f4e0e4d6cf28b9354a0a7a47cfacc73865b9882 |
|---|---|
| SHA3-384 hash: | 7e819ba2f309a32ad73d836b4a25c465f8182108d54f0cd894e942cd0ebf9c924578c5f0d975800c55e76f612dd192c6 |
| SHA1 hash: | a248afdaa80333f4e3d44101909b3897e103ead7 |
| MD5 hash: | 358be9fd5ed247160858b2b7f9a10922 |
| humanhash: | six-charlie-kilo-zebra |
| File name: | Payment Advice-BC_EDC9.exe |
| Download: | download sample |
| Signature | AgentTesla |
| File size: | 346'624 bytes |
| First seen: | 2020-11-20 08:03:16 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'752 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger) |
| ssdeep | 6144:qqRnIUaXdKT0882Q5Tp5HqMwR1ZBPmodPOVbQieEaAu6bEEAmg+S8:fxIL1882gTH+lB5dPO5QiFbIEAmDX |
| Threatray | 4 similar samples on MalwareBazaar |
| TLSH | 6B746CB0642BAC65F52A0D37D6E9F65002737E0B9DC76D0860A9B71712F3362BE4684F |
| Reporter |  abuse_ch |
| Tags: | AgentTesla exe |
abuse_ch
Malspam distributing unidentified malware:HELO: mozzatbrunei.com
Sending IP: 45.133.203.90
From: Hr<hr@mozzatbrunei.com>
Subject: Check Payment Advice-BC_EDC95320201
Attachment: Payment Advice-BC_EDC9.img (contains "Payment Advice-BC_EDC9.exe")
Intelligence
File Origin
# of uploads :
1
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Result
Gathering data
Result
Threat name:
AgentTesla
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Signature
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Detection:
agenttesla
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Status:
Malicious
First seen:
2020-11-20 08:04:07 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
5/5
Detection(s):
Suspicious file
Verdict:
unknown
Similar samples:
Result
Malware family:
n/a
Score:
7/10
Tags:
spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
77b15774854302e9210104737f4e0e4d6cf28b9354a0a7a47cfacc73865b9882
MD5 hash:
358be9fd5ed247160858b2b7f9a10922
SHA1 hash:
a248afdaa80333f4e3d44101909b3897e103ead7
SH256 hash:
bb5ba0bc848f30061c5b9d2130f50912a214dd6abd48894c5e85e8d59978b23d
MD5 hash:
782f64f0bc2d4033a773e8e138729d1c
SHA1 hash:
a46ba6e2c82d859a3016f20305f305568dc2735f
SH256 hash:
45729ec7ea7f8b8d962aac8df8d6e89c719d33f60c929abe0723ead6fff9632e
MD5 hash:
d755ad465a6a443e5e15e14b95d74fb9
SHA1 hash:
fa3ed98bae1cad28f944c4c473c4290f5d7e5b77
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.