MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77b7758c451f9937848e83eb12fdfae2b7e555fba1e2c3816170fefe87439e23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77b7758c451f9937848e83eb12fdfae2b7e555fba1e2c3816170fefe87439e23
SHA3-384 hash: 016382d05dda1c8373a9ccc757c88c7ac2285e1641965754cdf19654f59402b82889c5977b08df988f59ff7608688505
SHA1 hash: d8c2cddc661d52985dd83e05014b61165a15494b
MD5 hash: 0017e4aa65cabe56c7f286e276e9e12f
humanhash: sodium-muppet-yellow-item
File name:image004.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:6'656 bytes
First seen:2022-09-21 23:53:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 96:8UrGdsxrc9qrqbVgIcrX4ASo36b5XrbFnU:/57qbVgI+ko36bZC
Threatray 1'014 similar samples on MalwareBazaar
TLSH T1E3D1A362A7DECB37D9A24FB29CB33342133CFB45CE13CB9C1884515B6D167A40A60764
TrID 72.5% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.4% (.EXE) Win64 Executable (generic) (10523/12/4)
6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.4% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter GovCERT_CH
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
349
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
image004.exe
Verdict:
Malicious activity
Analysis date:
2022-09-21 23:55:11 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/566af5b8-f0a3-47a7-bc85-6b78a8c912f7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/312138/
Detection(s):
Sanesecurity.Rogue.0hr.20220920-1637.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Launching a process
Creating a process with a hidden window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/632ba45936ba812561aa3610/reports/99d9731b-1677-42a9-b6c7-90f03889c689/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/20bb714a-6384-41ea-be7c-08ad386c9d94
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1074923
Signature
.NET source code contains potential unpacker
Encrypted powershell cmdline option found
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries the IP of a very long domain name
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/77b7758c451f9937848e83eb12fdfae2b7e555fba1e2c3816170fefe87439e23/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-09-20 12:33:09 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
22 of 25 (88.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o63xldcfd6mtpbeoqpvrf7p24k36kvp3uhrmhalbod7p5b2dtyrq._file
Verdict:
malicious
Similar samples:
02aeff4e07664864d428440cab4be050ddc1504ff997ce0fef7068899139318d
AgentTesla
0e05745ef53d73623346765e004779ecd46d050a7e0af7c456870c8b7e64f54a
AgentTesla
18fea28a7191e1812dda7bff13963e571f566705e4f28c321f18fca0231e4a95
AgentTesla
48f43556d196cdd49c48e06b4a9d34aef99847534b056afca5a00dc07fb1acc3
AgentTesla
74cb4ffa84249a18ca95cd781bd121a166e2902161a8918d645fa3d6b59032ec
AgentTesla
84cd1c4ebba5b7315afd913e74d086f9ad5ed43f2cd5ad4c4535fabfeca7224b
AgentTesla
ac63d55dd8aa224f077cf87617c503811ede4ed385668ed9f173702710efee56
AgentTesla
b4a4d9ba766e3333fc68276c91f49430f2f95c1b555fcf72697e33e80646c6c2
AgentTesla
d54ba0a6fa5afd571a0799253f94562b50d30842a6d66ba1af62419ed7713131
AgentTesla
fbd2cb021582048f9df1e5ae9a65c92e90bb9b3024763616ffa4043b18876239
AgentTesla
+ 1'004 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220921-3xv5gschep/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Malware Config
C2 Extraction:
p=
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/6607f0e0-52f7-46fb-98d8-08d7f414e46d
Unpacked files
SH256 hash:
77b7758c451f9937848e83eb12fdfae2b7e555fba1e2c3816170fefe87439e23
MD5 hash:
0017e4aa65cabe56c7f286e276e9e12f
SHA1 hash:
d8c2cddc661d52985dd83e05014b61165a15494b
Link:
https://www.unpac.me/results/e5e90497-1d9d-4bd1-b1ad-15d9c1535a57/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/77b7758c451f/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/77b7758c451f9937848e83eb12fdfae2b7e555fba1e2c3816170fefe87439e23

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 77b7758c451f9937848e83eb12fdfae2b7e555fba1e2c3816170fefe87439e23

(this sample)

  
Dropped by
agenttesla
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/312138/

Comments