MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d5a65180b375a682fce901b2152bd786ab3acba473f2f12e5c9d861f6ec3989. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 13



SHA256 hash: 7d5a65180b375a682fce901b2152bd786ab3acba473f2f12e5c9d861f6ec3989
SHA3-384 hash: c1a5766a8fe3045f1d96aff64c2c66c118851b049133e15e04dc0e633f18d6943676fd4b63afc747c1331ea82b031c1e
SHA1 hash: 776da701a75f9f875ed8a97b057f2d33c6c4ef3b
MD5 hash: 5452fd61e9ee0d1b4cc7772f1cfef067
humanhash: glucose-tennis-mike-enemy
File name: SKM 5190647228300.exe
Signature AgentTesla
File size: 813'568 bytes
First seen: 2025-04-11 07:15:21 UTC
Last seen: 2025-04-11 07:20:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:PYURe7lX+tDxpxMGsV+kZyUi3VmsPFEODlVMfh1q:gUg5XcDxbJsFyU1iwi
Threatray 1 similar samples on MalwareBazaar
TLSH T177051250276ACF02D4A24BB00D72C2786734FE8CA825D7079FE97DFF787AB581805696
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
dhash icon 0086968630706000 (3 x Formbook, 3 x AgentTesla, 3 x MassLogger)
Reporter lowmal3
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 451
Origin country: DE
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SKM 5190647228300.exe
Verdict: No threats detected
Analysis date: 2025-04-11 07:18:20 UTC
Tags: netreactor

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 92.5%
Tags: virus micro msil
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Creating synchronization primitives
Using the Windows Management Instrumentation requests
Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 80 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Threat name: Win32.Backdoor.FormBook
Status: Malicious
First seen: 2025-04-11 07:16:09 UTC
File Type: PE (.Net Exe)
Extracted files: 6
AV detection: 21 of 24 (87.50%)
Threat level: 5/5
Verdict: malicious
Label(s): captiveaaloader unc_loader_037
Similar samples:
Result
Malware family: n/a
Score: 5/10
Tags: discovery
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Unpacked files
SHA256 hash: 7d5a65180b375a682fce901b2152bd786ab3acba473f2f12e5c9d861f6ec3989
MD5 hash: 5452fd61e9ee0d1b4cc7772f1cfef067
SHA1 hash: 776da701a75f9f875ed8a97b057f2d33c6c4ef3b

SHA256 hash: fab74c4cae561d0518924707e4d166ca4040eb17cbedf92cb60f7ea90071743a
MD5 hash: 9ebde08a52c1ef2fcad61b0bcaec8509
SHA1 hash: 471a8316860b48e7c53327e79b0c513ce3e42cf3
Detections: SUSP_OBF_NET_Reactor_Indicators_Jan24

SHA256 hash: 8c386d2d80c171b6793b6ee7f95aeb5eba930bbd3ba1cfdd39c76f5114b4be5b
MD5 hash: f236099021723d5b1799753ca0de0e23
SHA1 hash: 714833a93a105eef5276932a009e8286157850cc
Detections: SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24 SUSP_OBF_NET_Reactor_Indicators_Jan24

SHA256 hash: 1b97196ca78fca5aba8cc7cab90f797657250ddce9c0720c5bbaba50076f8d21
MD5 hash: 33567fbc23d41ca1f2c9e62f7049757b
SHA1 hash: 8e744e4fb20b8dc16b0cdf23f41040c8f9e502a1

SHA256 hash: 0393c17d9edb0ad7e6935660e8c33f49dbdf976a81812fb363ec00a0cb306c35
MD5 hash: a952bcb5dc9fce436025fb46bbcb4026
SHA1 hash: 1f3fdcc68f24a16507416462d1db8f09779757a8

SHA256 hash: 7954410e87b24debf14521b32850bac53f7924a45262bb8dc15d877c364c16cd
MD5 hash: 3ccbacab9a6b9a43781019e74291daa5
SHA1 hash: 2af48262743733232f5e7471f9f264e755b28e59
Detections: SUSP_OBF_NET_Reactor_Indicators_Jan24

SHA256 hash: 19efdf03cb94895935225795f68bb9abfded1869687367013b8b4eee3cc99372
MD5 hash: 4e29f75c0c51b9dec76955f0382d9541
SHA1 hash: 4899aa8e3f57339cbaec8faab777897a76fe1c3a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: NET
Author: malware-lu

Rule name: NETexecutableMicrosoft
Author: malware-lu

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
Executable exe 7d5a65180b375a682fce901b2152bd786ab3acba473f2f12e5c9d861f6ec3989 (this sample)
Delivery method: Distributed via e-mail attachment

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                          Title                                                     Severity
CHECK_AUTHENTICODE          Missing Authenticode                                      high
CHECK_DLL_CHARACTERISTICS   Missing dll Security Characteristics (HIGH_ENTROPY_VA)    high

Comments