MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b6da6511860d9a2c86b0ea5f1f31a7811d654a4cf638c9e98fcd806c59050a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b6da6511860d9a2c86b0ea5f1f31a7811d654a4cf638c9e98fcd806c59050a8
SHA3-384 hash: c0b8d91829c5b6da7667326e9322a37406c1f92d32b29d1533da53b8a092b2d897b2f85084c459aabd48f32d7cdf0ab8
SHA1 hash: 086af55ce6122caea47b9889345e2eb862766d0c
MD5 hash: 1c20af221e8698d42f1c4059805c5a63
humanhash: batman-item-michigan-blossom
File name:74725794.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:6'528'000 bytes
First seen:2021-01-19 07:26:19 UTC
Last seen:2021-01-19 09:21:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 196608:eTVrzkczpbo1J0mfPr++z7d7mKdaZc4p:eTV/rqLF7dfdahp
Threatray 61 similar samples on MalwareBazaar
TLSH 3E661206FB0DCA54C554767B0A936A3C27B2E5C7FA00CEC9778B6A2D2A92FC31D4C558
Reporter abuse_ch
Tags:AgentTesla CHN DHL exe geo


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: services-feed.sapphireflat.com
Sending IP: 144.208.127.207
From: China DHL Express <5idhl_noreply@dhl.com>
Subject: 【中外运-敦豪】电子发票(发票号:74725794)
Attachment: 74725794.zip (contains "74725794.exe")

Intelligence

File Origin
# of uploads :
3
# of downloads :
148
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
74725794.exe
Verdict:
Suspicious activity
Analysis date:
2021-01-19 07:56:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/755c1699-363b-40dd-8a26-79e143dd3a41

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/112776/
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.25.12607.20975.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/584723
Signature
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8b6da6511860d9a2c86b0ea5f1f31a7811d654a4cf638c9e98fcd806c59050a8/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rnw2muiymdm2fsdlb2s7d4y2pai5mvfez5ryzhuy7tmanrmqkcua._file
Verdict:
unknown
Similar samples:
01e7b759fb1280b34a32c02b3c78d8c7dbe93d05a1755e2a33b4edf9b58ce974
AgentTesla
2109e18f96cf5f627351d52a48eecc483b67e02fd3f1a0e58088f615afc3737f
AgentTesla
22df9f21a06e39c218062e506094cd16b272094b941c729c4a7c510145509034
AgentTesla
2d564ae361eb499ca493273e9fcfb88546105c88293c7633a7e1580a435cee9f
AgentTesla
3360f77209c2a2a5d393eefcb0229f34230fa261199aef2bdf17e8dda0ef540f
AgentTesla
3864000bdce54306e787beb73fbb02642f7a539a2c255fc6e76dcbe2e685c733
AgentTesla
75674ba2558d6fcf6d3992f09bd87aab282ea0b2d9bd01d6e0149a869506e3ce
AgentTesla
91a31ae7de6c7cfa8123333cec0fb4ac9317b12e8b1ede01de97936c8ab82ed7
AgentTesla
b93e5081bef10f47b8e037da155852225e10cb46b0bdbcab6d57a68364cb98da
AgentTesla
c914e1cead39ffb086bb87029bcea3673f8159087ef8cd7c1cf49eceba97ee07
AgentTesla
+ 51 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210119-65pb3nv7vn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
a442af5c457dbc88528b416fc28c58aa31c5864faf0882ab51e0310be3b01111
MD5 hash:
6369cbfcb8f9cb5f5134a27fe6be7727
SHA1 hash:
feea789bbb1fe4bc117ae24dd2de7e6d1c6a59de
Link:
https://www.unpac.me/results/6a191923-7001-4f46-941b-1acde1117253/
SH256 hash:
4f81e273da20c5b9835ce6ca57cc061d77764f9e3927bdb1505cb791bf50b046
MD5 hash:
29e19b5dce96140a8b90152b16bd44af
SHA1 hash:
4f3dc6eb876bb58f53966980a9c451a04ec17d8a
Link:
https://www.unpac.me/results/6a191923-7001-4f46-941b-1acde1117253/
SH256 hash:
49dc26861fffee2f6440e56a10b7086ea305d2f16bb9e27ba3e08b9893557f86
MD5 hash:
e732cd6decfed3503b4020899d5a56f9
SHA1 hash:
024c1bf147c698e92aae340bbee323601d02a787
Link:
https://www.unpac.me/results/6a191923-7001-4f46-941b-1acde1117253/
SH256 hash:
8b6da6511860d9a2c86b0ea5f1f31a7811d654a4cf638c9e98fcd806c59050a8
MD5 hash:
1c20af221e8698d42f1c4059805c5a63
SHA1 hash:
086af55ce6122caea47b9889345e2eb862766d0c
Link:
https://www.unpac.me/results/6a191923-7001-4f46-941b-1acde1117253/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8b6da6511860d9a2c86b0ea5f1f31a7811d654a4cf638c9e98fcd806c59050a8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6c2ab744c77ead1b4ea974a59ae32072b276e305cab039181903d0ea140b6df5

AgentTesla

Executable exe 8b6da6511860d9a2c86b0ea5f1f31a7811d654a4cf638c9e98fcd806c59050a8

(this sample)

  
Dropped by
MD5 c7f78532bf2843d81f414776b05af422
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 6c2ab744c77ead1b4ea974a59ae32072b276e305cab039181903d0ea140b6df5
Cape
Cape
https://www.capesandbox.com/analysis/112776/

Comments