MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8700aee9c4faa1a1855c028c12b94adf060edae02398a1debbd7d578b65ffeb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 12

Intelligence 12 IOCs YARA 2 File information Comments

SHA256 hash:	8700aee9c4faa1a1855c028c12b94adf060edae02398a1debbd7d578b65ffeb5
SHA3-384 hash:	7edddcd753c7394849fe2a8f2089d59d69fd8693ee02519a2dafde9cf30a5f993a798266aa5b6c9cbedb7d0f672b43e2
SHA1 hash:	56b3bf4cdc71b07dd357908eeafe64c7f92bce3e
MD5 hash:	9ac9a745e98c77f945e655ce80161af6
humanhash:	zebra-jersey-winner-india
File name:	Description for your reference.bat
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'041'050 bytes
First seen:	2023-09-25 13:11:36 UTC
Last seen:	Never
File type:	bat
MIME type:	text/x-msdos-batch
ssdeep	24576:7HqbMp1JN/BHckc9qbbf3OdmxSy0X76fmknTuDfMZlWZEVq3PH:lDN9bGgozX7uNI
Threatray	358 similar samples on MalwareBazaar
TLSH	T1EE2533436C25ACFE8A7CF6644A2F6D0EAB209F610144F0A8BAF7A8C3566D5D4444FC5F
Reporter	James_inthe_box
Tags:	AgentTesla bat

Intelligence

File Origin

# of uploads :

# of downloads :

100

Origin country :

Vendor Threat Intelligence

Malware family:

agenttesla

ID:

File name:

Description for your reference.bat

Verdict:

Malicious activity

Analysis date:

2023-09-25 13:14:52 UTC

Tags:

agenttesla stealer

Link:

https://app.any.run/tasks/e11a97dc-4983-4271-ae0e-524cd8cf6adf

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/451091/

Detection(s):

SecuriteInfo.com.Trojan.Batch.14016.28399.UNOFFICIAL

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

cmd lolbin

Link:

https://www.filescan.io/uploads/6511872232ffdb7a7a1378e7/reports/f298eac8-f457-45c2-b9aa-a3fe7c9d7e78/overview

Verdict:

Malicious

Labled as:

BAT/Agent.PZX trojan

Link:

https://www.hybrid-analysis.com/sample/8700aee9c4faa1a1855c028c12b94adf060edae02398a1debbd7d578b65ffeb5

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8700aee9c4faa1a1855c028c12b94adf060edae02398a1debbd7d578b65ffeb5/

Threat name:

Script-BAT.Trojan.Heuristic

Status:

Malicious

First seen:

2023-09-25 13:11:25 UTC

File Type:

Text (Batch)

AV detection:

5 of 23 (21.74%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=q4ak52oe7kq2dbk4akgbfokk34da5wxaeomkdxv327kxrns7722q._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

4f0f6da18a34d96f83bb46bcb34de96e830a1a1dddb36f0cbfdb4a02279ebad6

AgentTesla

77093dd0cd7671c2c48ce4ab24b58db9aa1dc0c144194b8ec7ad15896061c143

AgentTesla

b78cf80d94f017c5f389590f2f3b312f1694d93e5e6aebf296e46b5b9dbca2da

AgentTesla

c017effae9004ef4495a654835320c7ef94b26973f255d18e14e7423c57c9cae

AgentTesla

e37200518d16ce5c8336e24e0c6400b329af8551f7d5dad86f0c8d8a8f128dc1

AgentTesla

e84683ad3b1f9f2bf5fce7d0da4ea6e203da12420d2e1f9db5a8d888e9878ec3

AgentTesla

+ 348 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla collection keylogger spyware stealer trojan

Link:

https://tria.ge/reports/230925-qfg53sgc93/

Behaviour

Suspicious behavior: CmdExeWriteProcessMemorySpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Enumerates physical storage devices

Accesses Microsoft Outlook profiles

Executes dropped EXE

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla

Malware family:

AgentTesla.v4

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/8700aee9c4fa/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8700aee9c4faa1a1855c028c12b94adf060edae02398a1debbd7d578b65ffeb5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address

Rule name:	BlackGuard_Rule Create hunting rule
Author:	Jiho Kim
Description:	Yara rule for BlackGuarad Stealer v1.0 - v3.0
Reference:	https://www.virustotal.com/gui/file/67843d45ba538eca29c63c3259d697f7e2ba84a3da941295b9207cdb01c85b71/detection

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

https://www.capesandbox.com/analysis/451091/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample