MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da
SHA3-384 hash: 03311f9d21322da82c5a470076405df8015e2fe15b5f139f85c881c039f67dea622abc95ef0a99f454643d4eea2a5eeb
SHA1 hash: 3e14ca38b2cff33b422ff205ccba81c0adf1301a
MD5 hash: 3616e4b08abe086cdfa1e1d44cc04937
humanhash: michigan-seven-purple-mirror
File name:file
Download: download sample
Signature AgentTesla
Create hunting rule
File size:56'832 bytes
First seen:2020-02-28 05:52:29 UTC
Last seen:2020-02-28 05:53:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'642 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 1536:wbTRPOKDYcc6adHSYDmcx3JzGkgglfWrmka:SSbD7x9GbglfUa
Threatray 97 similar samples on MalwareBazaar
TLSH 6643C711BB4B4712CA2C11B544E7392853F09BCFAA33D95B3ECC225D5E127936E87AC9
Reporter johannes
Tags:AgentTesla RevengeRAT


Avatar
viql
revengerat via https://pastebin.com/raw/Y2GT7vTj

Intelligence

File Origin
# of uploads :
2
# of downloads :
225
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6332612-0
Create hunting rule

Win.Trojan.RevengeRAT-6690354-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-01-06 06:18:00 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
460cca0f6a1acc665e76da5539844db4fd042761cbe9641a2b9fb663a322a3ab
AgentTesla
a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1
AgentTesla
c656d7d18181d06dc4ffa7a0477f44c5ba4e891c18bb66ba31f8f8ddba22f742
AgentTesla
d74f9f54c19ff7ec1301b84bc72ee2b143c94db7b56c88b4c660cb7abcd7b513
AgentTesla
d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4
AgentTesla
e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b
AgentTesla
e44ea6095036b15910c82941c0c3af5178687d3deeb9954adf9967cd833b9349
AgentTesla
e72478765908b84f150ef0b7e895cfca0780a9107de6cf819ec5715f6f179acd
AgentTesla
ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761
AgentTesla
edcf2ab0937689a7e0475395a8654f874e413649ee63100e61c4d1a8c09ba681
AgentTesla
+ 87 additional samples on MalwareBazaar
Result
Malware family:
revengerat
Create hunting rule
Score:
  10/10
Tags:
family:revengerat discovery execution persistence stealer trojan
Link:
https://tria.ge/reports/260106-nymr6sgj6z/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Adds Run key to start application
Checks computer location settings
Drops startup file
Executes dropped EXE
Uses the VBS compiler for execution
RevengeRat Executable
RevengeRAT
Revengerat family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments