MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e85d37c83789d89d9a1fe6f7788448a0c16700d7fc3bec1ad668b51a1739ee9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 6



SHA256 hash: 7e85d37c83789d89d9a1fe6f7788448a0c16700d7fc3bec1ad668b51a1739ee9
SHA3-384 hash: 13fdc429be8c88625b6375201577b1af442c513685f21985cec4b87946deb1ca080fa1874a82a588181ca0cd317ea1a9
SHA1 hash: 80be9b145a409ddf3309c0d9967ecc2b5544bb0a
MD5 hash: d136e1b37f51b4c39b3e8149416dabf5
humanhash: robin-table-one-purple
File name: d136e1b37f51b4c39b3e8149416dabf5
Signature: AgentTesla
File size: 987'648 bytes
First seen: 2020-11-17 15:09:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:x4/Boo866AB8Jra5nhgF1GBU8ZNOWP6uwKoP6uw1D2WKo0r7Zgyec:xso6krySgUyNOWP6uwKoP6uw1D2WXE7i
Threatray 1'328 similar samples on MalwareBazaar
TLSH BF256BA9720077EFC81BC976D9681C20EB91B07B830BD647A05716ACDA4E997DF214F3
Reporter: seifreed
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2020-11-10 23:51:28 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 2/5
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE

Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekshen
Description: AgentTeslaV3 infostealer payload

Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
