MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 811927a39fece35d1dc10e1a6b0a6462765723b5dcc61e6b51f45eef3751e75d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 12


Intelligence 12 IOCs YARA 7 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 811927a39fece35d1dc10e1a6b0a6462765723b5dcc61e6b51f45eef3751e75d
SHA3-384 hash: 758c14d8934b36db0df8ed358a56b1e96084df72fac31dd785489b12542deb795a81179b95000752d33189bf2e92ae2f
SHA1 hash: 2cd7cb18a9c20540ea9a44b5ce2ef8b688065e5a
MD5 hash: 7393923210116d47a98fd9cb67a5136e
humanhash: speaker-pip-table-six
File name:7393923210116d47a98fd9cb67a5136e
Download: download sample
Signature AgentTesla
Create hunting rule
File size:494'080 bytes
First seen:2021-09-08 06:00:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:eV3LBs4JMGGTZeN+AqelPQopPk7XDxpw1eUo4IVozt:YuyMFTZmBqKPFps7XDxpw1eD1A
Threatray 9'722 similar samples on MalwareBazaar
TLSH T135B4128D7E69583FD07E08FC44A266414BF8D119B194E3DA3FD2A48EA4973E00857BDB
Reporter zbetcheckin
Tags:32 AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
182
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
CFB4DC85537F4B0686B81943F2F97FFC974EBD4D
Verdict:
Malicious activity
Analysis date:
2021-09-07 17:14:38 UTC
Tags:
exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/6555ba45-c622-4073-9c30-03ccc8a45411

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186172/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b4f60be4-2e35-46f1-9e48-372195649d13
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/847069
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Found malware configuration
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/811927a39fece35d1dc10e1a6b0a6462765723b5dcc61e6b51f45eef3751e75d/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-09-07 14:21:04 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qemspi475trv2hobbyngwctemj3foi5v3tdb422r6rpo6n2r45oq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
068e09db64c69a2e1b69a791dc3a2756f6fa1091b56ff47285dadd8f425ebe9d
AgentTesla
1b54c0c81ad125c0f59856c326b08527a95081b578b2afc0e587884b11200e3a
AgentTesla
2aa6a1103bbf3dcf9ed1775bfc5375eb006a04054378492ba321a210f99e6638
AgentTesla
44bae203dedf4da34c0a883f5f393cdf28853c34f84cabd3287758a23a9ef88d
AgentTesla
6b33059860e6527b27384ea5c034030b7e05f133e2ca3769fd616d3c6003b78a
AgentTesla
77dafc4c23c98c2d0518eb6bcee7cfc13128c249dafc4d5faefbfb67425f40e1
AgentTesla
f37614ecb7916b27340fd6270d6917b8778c0b92b8edf0ff9e4aa65f3883f626
AgentTesla
f3e6dcfd4b79c28078de10a6e14385b58a69b73b79986cef7000e88501b7d3ae
AgentTesla
f8b957b53da50425dfd655553ad255dd26e307971d477edd441ae2c2248ff121
AgentTesla
+ 9'712 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210908-gqwxjshahj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
f8549bdaba7a50bc337690364e1e54ba95b82d01456405be3d6cb6e151388bbf
MD5 hash:
09a9ca401fab0b2c512bdbe0d2c06b93
SHA1 hash:
f1f96745d619b2b5b8226bfee07f1daccb0ad7fc
Link:
https://www.unpac.me/results/bda7ae96-cc38-4600-bd20-9e0ab3de33d9/
SH256 hash:
fde77ba95771eb9e1e9694c513a022a6b738fe0fc99bb20aaedc66a250db89db
MD5 hash:
00a358d59a96aaa1c4874f0c678bb566
SHA1 hash:
ad263cdb73d97ed83761abf9dcc621fe6b60eae2
Link:
https://www.unpac.me/results/bda7ae96-cc38-4600-bd20-9e0ab3de33d9/
SH256 hash:
32b20bd253f5a391ca58cb4046fa403f6d90eee8340e8db278084ae40493b38a
MD5 hash:
c93d7bb74bddb0d335a86a5550b438f0
SHA1 hash:
46f21b7cbf17344bd9d3d86b49ceb187715acbe4
Link:
https://www.unpac.me/results/bda7ae96-cc38-4600-bd20-9e0ab3de33d9/
SH256 hash:
811927a39fece35d1dc10e1a6b0a6462765723b5dcc61e6b51f45eef3751e75d
MD5 hash:
7393923210116d47a98fd9cb67a5136e
SHA1 hash:
2cd7cb18a9c20540ea9a44b5ce2ef8b688065e5a
Link:
https://www.unpac.me/results/bda7ae96-cc38-4600-bd20-9e0ab3de33d9/
Malware family:
Agent Tesla v3
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/811927a39fec/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/811927a39fece35d1dc10e1a6b0a6462765723b5dcc61e6b51f45eef3751e75d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:AgentTeslaV3
Create hunting rule
Author:ditekshen
Description:AgentTeslaV3 infostealer payload
Rule name:MALWARE_Win_AgentTeslaV3
Create hunting rule
Author:ditekSHen
Description:AgentTeslaV3 infostealer payload
Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 811927a39fece35d1dc10e1a6b0a6462765723b5dcc61e6b51f45eef3751e75d

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1601611/
Cape
Cape
https://www.capesandbox.com/analysis/186172/

Comments


Avatar
zbet commented on 2021-09-08 06:00:22 UTC

url : hxxp://marketingintelligence.tech/ebs/esbu.exe