MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b5cd0182b1122c0231fb30af6252fe4b0b9a9dd0962d14264ff1f09ced46943. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	7b5cd0182b1122c0231fb30af6252fe4b0b9a9dd0962d14264ff1f09ced46943
SHA3-384 hash:	043fc3cc2cabd52395f9bb649e6b667943f95a069a64aa0e8ca7d88d78c41d75f254a4089c8f95d0090722107a1f63e8
SHA1 hash:	211c432c36f98d24e319381f23c22ce97eefcba0
MD5 hash:	1033751639d7dc4f2309794806f6b4ce
humanhash:	earth-nitrogen-maryland-rugby
File name:	obi.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	221'184 bytes
First seen:	2020-09-28 13:54:12 UTC
Last seen:	2020-09-28 14:46:09 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'739 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep	3072:FGW5tWs33pWarGy+6h4UCAghqr35QC8f/snqyLCFiHJgFMrpwPBw1pt+tD66M:FUarNyUs+3oIHJgFMeJwFKD6
Threatray	198 similar samples on MalwareBazaar
TLSH	D8242A566754D420CB5F417FC016820831F1D707A72AE6DF5AA6D8FA2F812CEF92B8E4
Reporter	James_inthe_box
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

AgentTeslaV3

Link:

https://www.capesandbox.com/analysis/66441/

Detection(s):

SecuriteInfo.com.BackDoor.SpyBotNET.25.18831.21307.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Using the Windows Management Instrumentation requests

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/476484

Signature

Antivirus / Scanner detection for submitted sample

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file access)

Yara detected AgentTesla

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7b5cd0182b1122c0231fb30af6252fe4b0b9a9dd0962d14264ff1f09ced46943/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-09-28 05:28:51 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

292593bea6386f07e2349a1df9d7eb04ab845d51368605b0c63825e6fffbb120

AgentTesla

2f3474e57e4d3df1cedeef87e3716fa9143a63cf7ffdd9273273f41c8a8bc223

AgentTesla

65e1f86de7b69f4eac3430c49757b5b11905ded68d9a6c7d1eca46f8609db4a1

AgentTesla

7a5cf1b0f0b115b160a48992609c57b8f9c4591a736ffc052549b2f1e91e2eb7

AgentTesla

8ca10b0fcde48ff00c9218062eb8aefe2a9d3ddc5e240a9da4a2e7764cbfff90

AgentTesla

b048deffae10786cce2ffe352fc6415cd4549c49505f34e18e7fc820d7d20a1d

AgentTesla

c48e35f8fcabd28e3598287342ddc3f3d28f24d6415786a980675d456e0836f9

AgentTesla

d3345db33851543b968f728d2a342c49dc72b0dc633da851518d8585e53af3ce

AgentTesla

e03c4f9c8ae0b28a7538315c3af97428339911bd6118371c0459adfd14abca44

AgentTesla

+ 188 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

spyware keylogger trojan stealer family:agenttesla

Link:

https://tria.ge/reports/200928-ld85dw4nbx/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla

Unpacked files

SH256 hash:

7b5cd0182b1122c0231fb30af6252fe4b0b9a9dd0962d14264ff1f09ced46943

MD5 hash:

1033751639d7dc4f2309794806f6b4ce

SHA1 hash:

211c432c36f98d24e319381f23c22ce97eefcba0

Link:

https://www.unpac.me/results/36cd8bf8-11ec-460c-bf38-af71386a2dc5/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AgentTesla

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7b5cd0182b1122c0231fb30af6252fe4b0b9a9dd0962d14264ff1f09ced46943

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

https://www.capesandbox.com/analysis/66441/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample