MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82f9d45ee92a5f51af44dc11384e5a10fa12fbb46659291dc188a9222d17fc34. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	82f9d45ee92a5f51af44dc11384e5a10fa12fbb46659291dc188a9222d17fc34
SHA3-384 hash:	7b878b48b6fe7ab66408b85c3946777aa6fa9da188078a0497e7e9d2ce8a7c54091a105e40aa52db94bbec3b69284ce1
SHA1 hash:	f874df7fc78f843ca3b302b33ec47489713d4a6a
MD5 hash:	ecb77146d118de45579f7e0b54790df4
humanhash:	eighteen-bravo-paris-december
File name:	ecb77146d118de45579f7e0b54790df4.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'793'536 bytes
First seen:	2020-05-05 13:59:00 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	24576:GenipMkSJT5hP502l/0hJ/eu8XqZkVjYq+uy0sZP5FSshymTy9oAwZrvH7:GenB+BedX9VjYqxySRmGQvb
Threatray	132 similar samples on MalwareBazaar
TLSH	E2857D5EF204AF6DC825437489BB4B081AB990465631CF0A974C767C9F72782BDC3AF9
Reporter	abuse_ch
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

98

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Siggen2.48319.18682.20867.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Agensla

Status:

Malicious

First seen:

2020-05-05 06:59:42 UTC

File Type:

PE (.Net Exe)

Extracted files:

17

AV detection:

22 of 31 (70.97%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=ql45ixxjfjpvdl2e3qitqts2cd5bf65umzmsshobrcuselix7q2a._file

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

066752bd623ba4401c4f223b1d7d3367095632159cf758327e6fe7025d5d9a3c

0d179277dc17521d3f9668838ddc6cfe818f72ef5691c123443b9442295d90ff

1aca49752cef2bb58d097e0ac96963e32f14e4e6b1e6e24e11125d1e9ef54cf2

686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b

72146e890efa1de6ee90e445ceb11ad9dc3b053fa5e82757756a393ee4617a77

723080f3083b8428248cead3d4c3ad20883395e1d574f853bca15065d2217fad

cb8cf6b203f27f3b42020653f940d2be826893d079035eac52d4d64e1102aa29

cf1e8f2fc2dd05514be3e8f92abf5b266dfb1547cc611dabc0cc4eea5a1b7dfe

dbeb99d2b3f5ab13560c96f80ee6153f909f64aac45d4ad56e2468320430acd3

fe3e525b56aaa99c9716eb9a4b7a1884e8b1f35d38388268f627485532f25d60

+ 122 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger persistence spyware stealer trojan

Link:

https://tria.ge/reports/201109-hjfdz7913a/

Behaviour

Modifies registry key

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies service

Adds Run key to start application

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 82f9d45ee92a5f51af44dc11384e5a10fa12fbb46659291dc188a9222d17fc34

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/358394/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample