MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b7410e87d3dae734ce56c38b3d8601f5e79549afd5820da9014e93bbb00bc95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 8b7410e87d3dae734ce56c38b3d8601f5e79549afd5820da9014e93bbb00bc95
SHA3-384 hash: 29babf918e847271eac5e71280828c40f4b0add0f4acada34b19668fc673b26204cc12396023b5d704fca8ec0d7c3d32
SHA1 hash: 6d06da9823380f02fc47f7d90240c8470b916fcc
MD5 hash: ef1b16fcdcf7cf841d7d6ec7f68ac06f
humanhash: nevada-utah-queen-shade
File name: 8b7410e87d3dae734ce56c38b3d8601f5e79549afd5820da9014e93bbb00bc95
Signature AgentTesla
File size: 759'233 bytes
First seen: 2020-06-03 08:51:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 20dd26497880c05caed9305b3c8b9109 (31 x Adware.Auslogics, 5 x LummaStealer, 5 x Adware.Generic)
ssdeep 12288:uaHc64b888888888888W88888888888ZsscV7/9GqeMo3pM5o+F00q33rD+zG/ob:F86YXW7/9opT+F000ezG/aYFkJR30F6p
Threatray 596 similar samples on MalwareBazaar
TLSH EEF41213B3C30031F5265A35CC76C044AD2779B949F0606A2EF9DB4E4EBA6C69C7BB61
Reporter raashidbhatt
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Addrop
Status: Malicious
First seen: 2020-06-03 17:51:19 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Script User-Agent
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
