MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cbacb8e46e7e0359975562af75194ac8c2aeb5d216d755a2362c5a75b6fd6ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8cbacb8e46e7e0359975562af75194ac8c2aeb5d216d755a2362c5a75b6fd6ab
SHA3-384 hash: 0767bb5774a9abaa5cf76e853e41da503e03bdb00c0cda7ca907ccdf84bdaed52c333dd28262c98302e85c8a1e67fc27
SHA1 hash: e16ea33110bfc4c4e72bdcbb68e0967a1d682628
MD5 hash: 2027ba85b43b1d80854586da73db67dd
humanhash: april-autumn-kitten-jig
File name:justificante transferencia.vbs
Download: download sample
Signature AgentTesla
Create hunting rule
File size:19'709 bytes
First seen:2023-09-13 15:25:57 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 384:1DGTTu2hSz8upkyULxkXOIWIc1KGUmuFG5hTVNN4Jj+p6g5H:1K3vhSQuULuXk14H0TVRx
Threatray 5'628 similar samples on MalwareBazaar
TLSH T16E924B518EC11639015706FB6A0D4938C47941FA51248A7DFECDF73E180276CAFBE68B
Reporter abuse_ch
Tags:AgentTesla vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/448446/
Detection(s):
SecuriteInfo.com.VBS.Agent.BDN.10969.24887.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6501d494829c3479a05e5c52/reports/3f78e4d6-0c65-4d34-9993-9d632c5e842f/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/8cbacb8e46e7e0359975562af75194ac8c2aeb5d216d755a2362c5a75b6fd6ab
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1308008
Signature
Antivirus detection for URL or domain
Suspicious powershell command line found
VBScript performs obfuscated calls to suspicious functions
Very long command line found
Wscript starts Powershell (via cmd or directly)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1308008 Sample: justificante_transferencia.vbs Startdate: 14/09/2023 Architecture: WINDOWS Score: 68 17 Antivirus detection for URL or domain 2->17 7 wscript.exe 2->7         started        process3 signatures4 19 VBScript performs obfuscated calls to suspicious functions 7->19 21 Suspicious powershell command line found 7->21 23 Wscript starts Powershell (via cmd or directly) 7->23 25 Very long command line found 7->25 10 powershell.exe 14 7->10         started        process5 signatures6 27 Suspicious powershell command line found 10->27 29 Very long command line found 10->29 13 powershell.exe 23 10->13         started        15 conhost.exe 10->15         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8cbacb8e46e7e0359975562af75194ac8c2aeb5d216d755a2362c5a75b6fd6ab/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rs5mxdsg47qdlglvkyvpoumuvsgcv225efwxkwrdmlc2ow3p22vq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
22f66a34d2354f08b0e4924f3d619d6fa0922adda2827f7e6f588f5855e4258e
AgentTesla
56262526e4be76814245c822a6b521dbde2c5d3299f0db4bb2bc7b8fdee1e8b5
AgentTesla
5b55637a26181e3420983b78038cedc5b9f3b10ac3cf0b904c6f9195f3b28baa
AgentTesla
65991091fbb81c3961dd91240296ae03aec2a94ef682dd194134e8cfdf69f8a4
AgentTesla
90b9761dcd25c9d5b71632aceb036e4f7c66230a1e27fcb98d9a306d2caff7ed
AgentTesla
96df12776607bce40d6ca1c8b9e79ac9b8bc8057ddf91014599e5452896ef4e0
AgentTesla
d2475c14cd534bca8b3a7a584900668545ed04d7f04c55c0958e05deaec4a7fc
AgentTesla
f36fe43a1c1a1248072ec9dda5921505e0b0646e8a86551e2ec9b64d53877cc7
AgentTesla
ffa8e6e00d583ef5154e0e33f28d775858e9d71fd8e45247cec4e60e723f8f9f
AgentTesla
+ 5'618 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/230913-st7zrsdb21/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Program crash
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks QEMU agent file
Checks computer location settings
Blocklisted process makes network request
AgentTesla
Malware family:
AgentTesla.v4
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/8cbacb8e46e7/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.15
Link:
https://yomi.yoroi.company/submissions/8cbacb8e46e7e0359975562af75194ac8c2aeb5d216d755a2362c5a75b6fd6ab

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/448446/

Comments