MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a8e0e6bbd082c0517424117627d9a6740892357cdf95555150d87f98f39aad7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 16



SHA256 hash: 8a8e0e6bbd082c0517424117627d9a6740892357cdf95555150d87f98f39aad7
SHA3-384 hash: 8d54addbfa5e454742150f9357dc20e420658f3d518f37d07807cdcb6eca416c43c793a046eb8dae71d918d342c39b5c
SHA1 hash: ec6d97234829323f5ac3aba4451f5586b4d79d62
MD5 hash: e15fdf0002965bd0f4bf3824f218752a
humanhash: yellow-triple-michigan-pasta
File name: PO 91402278.exe
Signature AgentTesla
File size: 526'848 bytes
First seen: 2023-07-04 07:01:17 UTC
Last seen: 2023-07-05 13:25:13 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:ANUutBDA2m5g+dw1Wl0Nu/HgFM7IZsKb7AALTZ0m3bmXFA1NybAanTyoGqZYvyLB:AiKp+kWZ/1IZplbeAra+CZYvC0wkY
Threatray 217 similar samples on MalwareBazaar
TLSH T135B42215F96CCA77CF2404FE00132616D7A6542291D2F7CA2CC1E5E9EECBB90DA90E97
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter cocaman
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 4
# of downloads: 279
Origin country: CH
Vendor Threat Intelligence
Malware family: agenttesla
ID: 1
File name: PO 91402278.exe
Verdict: Malicious activity
Analysis date: 2023-07-04 07:04:39 UTC
Tags: agenttesla rat

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware

Behaviour
Creating a file in the %temp% directory
Launching a process
Restart of the analyzed sample
Creating a window
Sending a custom TCP request
Creating synchronization primitives
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a process with a hidden window
Adding an exclusion to Microsoft Defender
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: formbook packed
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: AgentTesla
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
Adds a directory exclusion to Windows Defender
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Scheduled temp file as task from temp location
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AgentTesla
Behaviour
Behavior Graph:
[Behavior graph: ID 1266404, sample PO_91402278.exe, start date 04/07/2023, architecture WINDOWS, score 100]
Threat name: Win32.Spyware.Negasteal
Status: Malicious
First seen: 2023-07-04 01:06:43 UTC
File Type: PE (.Net Exe)
Extracted files: 9
AV detection: 21 of 24 (87.50%)
Threat level: 2/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection keylogger spyware stealer trojan
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Checks computer location settings
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SHA256 hash:
8022eb6a31ff09510ea4bc66e3a92f6f5ef5cd23412d10e12207e93ec38c3672
MD5 hash:
14ee8b8b7e47469317d1012f0898b111
SHA1 hash:
c6da4e2f1ab8c277129026648cbf97d8d6126245
SHA256 hash:
9d6c73e273a966a4ed1d93350392d965792ddf5ad201bfa28b8adcec2e344db5
MD5 hash:
adac60763fcfe4d5f4ad323046e79500
SHA1 hash:
9ced772a90ddec9fffde8c745225ad289f3f087e
SHA256 hash:
ff018bf75e7a1d4f279e93be837c31ef27bdbc266d67bd31afc9d38698199db8
MD5 hash:
3876529522f64a84ff34f13002547744
SHA1 hash:
56c3cccc6c7f396135e2f1262ff7140d46d69af9
SHA256 hash:
cfb47bc0e75450721fbab6d7e77319be2ff963baa043b0edbbd485d6f18e6f57
MD5 hash:
0255dca41f11beb051faeaf2df41ca9a
SHA1 hash:
45079d80bbf36a65654d288171b6c0e42fd437f5
Detections:
AgentTeslaXorStringsNet AgentTeslaXorStringsNet AgentTeslaXorStringsNet AgentTeslaXorStringsNet
Parent samples :
SHA256 hash:
8a8e0e6bbd082c0517424117627d9a6740892357cdf95555150d87f98f39aad7
MD5 hash:
e15fdf0002965bd0f4bf3824f218752a
SHA1 hash:
ec6d97234829323f5ac3aba4451f5586b4d79d62
Malware family: AgentTesla.v4
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pe_imphash
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 8a8e0e6bbd082c0517424117627d9a6740892357cdf95555150d87f98f39aad7

(this sample)

Comments