MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 832b94638ad0196de53e869de9d93e632e89f4b5115e0919f0977a10eb30e64d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5


SHA256 hash: 832b94638ad0196de53e869de9d93e632e89f4b5115e0919f0977a10eb30e64d
SHA3-384 hash: fe7ea5859e3c455e9bfea8136c6d5511b3217af984a10ee1fbf0c33dd219c6f155a07695a42e073e6d8c5fceddfde227
SHA1 hash: a062d447ea139f90f566c25eee732011860586ac
MD5 hash: 5711672deb579b3a9908ad3926eef461
humanhash: kilo-pasta-river-louisiana
File name: payment slip.exe
Signature: AgentTesla
File size: 15'728'640 bytes
First seen: 2020-11-07 10:21:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3c71e8f02dc3eee71c99d7c46768840f (4 x AgentTesla, 3 x Formbook)
ssdeep: 12288:xHys6Cw3mEKZa8JYu2pXCeU9L3gwtQ8C/:sPNmRZHneUV3gMQp
Threatray: 49 similar samples on MalwareBazaar
TLSH: 28F6F125B9C0C073D03A29350470DB709A2DFA305F619CEF6759177EAF313E296299AB
Reporter: abuse_ch
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process

Result
Threat name: AgentTesla
Detection: malicious
Classification: troj
Score: 72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Behaviour
Behavior Graph (ID 310989): sample payment slip.exe; start date 07/11/2020; architecture WINDOWS; score 72.
Signatures shown in the graph: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected AgentTesla; 2 other signatures.
Process tree: payment slip.exe started WerFault.exe, conhost.exe and MSBuild.exe.
Dropped file: C:\ProgramData\Microsoft\...\Report.wer (Little-endian).
Threat name: Win32.Spyware.Stelega
Status: Malicious
First seen: 2020-11-07 00:30:20 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 2/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 832b94638ad0196de53e869de9d93e632e89f4b5115e0919f0977a10eb30e64d
MD5 hash: 5711672deb579b3a9908ad3926eef461
SHA1 hash: a062d447ea139f90f566c25eee732011860586ac
SHA256 hash: b50c70d946c52250c8830942add18d8df9c3693e5376f6e2cb70337a67279384
MD5 hash: bf747c17392e6e12037403a13d6ce281
SHA1 hash: 4287dff855807178c33ac6deeb0b38a67aafaba9
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
Executable exe 832b94638ad0196de53e869de9d93e632e89f4b5115e0919f0977a10eb30e64d (this sample)

Delivery method: Distributed via e-mail attachment