MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f717f3d6242070c4f59575f510fa366e5cbd6c17ad484c0735fca89e365a351. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f717f3d6242070c4f59575f510fa366e5cbd6c17ad484c0735fca89e365a351
SHA3-384 hash: e1e7acb6e93f2cc899247a98354fa002b1dfbccab80deefc8bacc9289b19f6bceb2b6e89f7084645a40fa24c3ee12361
SHA1 hash: bcc8bcad8e036013a1f1cc4b6a1536fc15b4a2ec
MD5 hash: 79c370dca7ec5922110bbf51cfd05017
humanhash: island-maryland-stairway-bulldog
File name:79c370dca7ec5922110bbf51cfd05017.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:671'744 bytes
First seen:2020-10-07 17:09:22 UTC
Last seen:2020-10-07 18:00:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 12288:IdNOIFqSu6SvWm+N+nZQlwCNGFnNkvzgQmOH3l6ri9+UdL7ZPRNAsEQQ1954ND:WrFqRZ+jw7/Qm43Ui9+sLQ75qD
Threatray 385 similar samples on MalwareBazaar
TLSH 28E4D09C764076DFC857C9329A686C64EA117C7B570BE207A01336EDA93E58BCF241F2
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
AgentTesla SMTP exfil server:
mail.big3.icu:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/69008/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Creating a process with a hidden window
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/484487
Signature
Binary contains a suspicious time stamp
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f717f3d6242070c4f59575f510fa366e5cbd6c17ad484c0735fca89e365a351/
Threat name:
ByteCode-MSIL.Ransomware.TeslaCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-10-07 13:52:10 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p5yx6plciidqyt2zk5pvcd5dm3s4xvwbplkijqdtl7fity3funiq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
27fc7bf4086ffad09feb291debd2bac6ca899d45dd3bc9816a3377e9324348b0
AgentTesla
36f888cfcc5ca73bed330401ff231b38012baad656797b803d51157ee2252177
AgentTesla
5b48475bbc32e2dbd6ebfb746071c6192e57dfdfcfc0cfb1ae9f381663728537
AgentTesla
66c8e38b2f545edd7660168b8e778c165f200867abb90cd07c2f033ea1ae8405
AgentTesla
8600c1896f8c6835a9a5c44631ac45b319c0cc9b2e0a50a72bb37436a84ea96a
AgentTesla
a4d9d550ca3484ea03ef418a476abd3d59c58a5cba9d7efe73b27c9177145b56
AgentTesla
cbc01ffceb54ac490802cbb30bf5e913e9755d7fb4637dbcd1d34a7b3f399f2f
AgentTesla
d8dc17c4b3642e45151c21b7e02f12cda99c8c5ee51549a6f271c3ea1b436c3d
AgentTesla
dd2c1275fd6239dd194f56b78c30a226552752be6197dc22358f28e7217f3ccd
AgentTesla
df2618236af018e94e2c167826edfed81faab5a6c5ace255d84d9f07296a63c7
AgentTesla
+ 375 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201007-em1nlrf5dn/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
1fed71fd8c667df54c0635f8c3754053fbf1ea794fdd787373cedd83732eeecb
MD5 hash:
69dac882ad5e1907083750bdd1104d07
SHA1 hash:
2f68975b81e8aac780b63d9c1f6222e899993715
Link:
https://www.unpac.me/results/a54f8cb3-8869-47e8-ac01-af8a888bc962/
SH256 hash:
7f717f3d6242070c4f59575f510fa366e5cbd6c17ad484c0735fca89e365a351
MD5 hash:
79c370dca7ec5922110bbf51cfd05017
SHA1 hash:
bcc8bcad8e036013a1f1cc4b6a1536fc15b4a2ec
Link:
https://www.unpac.me/results/a54f8cb3-8869-47e8-ac01-af8a888bc962/
SH256 hash:
607f04646c9f16f7c23fa69d4b8f660fc7c44d40e4f73a0c70a2b315debdaa8b
MD5 hash:
a90baadadf904455325f7bc787185c7b
SHA1 hash:
7d833bb819d638008c98be469b05db2feaf201cd
Link:
https://www.unpac.me/results/a54f8cb3-8869-47e8-ac01-af8a888bc962/
SH256 hash:
86ec38f4b88070551ba2c2ef44c8e75bb25882b204b8f9d9c05e9e7d0f0919db
MD5 hash:
491d2672f4afe0e8ce0339c17c281ec3
SHA1 hash:
84484d96f05de645bbbd34145278b2221f151654
Link:
https://www.unpac.me/results/a54f8cb3-8869-47e8-ac01-af8a888bc962/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/7f717f3d6242070c4f59575f510fa366e5cbd6c17ad484c0735fca89e365a351

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 7f717f3d6242070c4f59575f510fa366e5cbd6c17ad484c0735fca89e365a351

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/665965/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/69008/

Comments