MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d28d53a6536864dc5d3ba6a3c85f4fa9e6453de957f41570281114d31bec179. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	8d28d53a6536864dc5d3ba6a3c85f4fa9e6453de957f41570281114d31bec179
SHA3-384 hash:	b8f8df0745c7a4122810e2e1ad73764b88a4d887eb4a39f76e27c093cd7de90efc75bcb0445c5c0096985cb700bf720e
SHA1 hash:	ee1b87c03a4353ef961ca5a438f0813f3e24c6bf
MD5 hash:	eb239cb97f1c01d21601873a021274b1
humanhash:	spring-kilo-minnesota-uranus
File name:	EOI GMS 2021 ADNOC PROJ.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'060'352 bytes
First seen:	2021-04-26 06:00:57 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep	24576:GuicFlAawKQw10FY46RcCBXr3d7K/xjM:GElIKQS0FhQcv
Threatray	13 similar samples on MalwareBazaar
TLSH	B835E01096984B96D0FDF379C830C7108BF6BF66D626DF5F7E8970A919F3B420642A12
Reporter	abuse_ch
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

125

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

EOI GMS 2021 ADNOC PROJ.exe

Verdict:

No threats detected

Analysis date:

2021-04-26 06:05:19 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/d5ce7f81-9ace-4fee-b4c9-eb0def65b01d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/144197/

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.624.6600.9636.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/697325

Signature

Found malware configuration

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to delay execution (extensive OutputDebugStringW loop)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file access)

Yara detected AgentTesla

Yara detected AntiVM3

Behaviour

Behavior Graph:

Download SVG

Detection:

agenttesla

Link:

https://mwdb.cert.pl/sample/8d28d53a6536864dc5d3ba6a3c85f4fa9e6453de957f41570281114d31bec179/

Threat name:

ByteCode-MSIL.Infostealer.Coins

Status:

Malicious

First seen:

2021-04-26 00:22:52 UTC

AV detection:

9 of 47 (19.15%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ruunkotfg2de3rotxjvdzbpu7kpgiu66sv7ucvycqeiu2mn6yf4q._file

Verdict:

unknown

AgentTesla

0c4becf98ece563f70f8dfa9c490b09eb5e0a7b8ee7e1ba73dc866946a65ceb5

AgentTesla

0f5d6f9319ad1fc8825f66127a3519e0956fc043bd7890f139bf220e84536bd6

AgentTesla

145c2f548e969570bdea146f357b1e95c933ab8d81961a93b70180b8bb9508a8

AgentTesla

1cfd977fcdc77a80d60767548919aa1e9aefab92548a18c44d1e110470ee75bc

AgentTesla

2058a16dae0afbc5a8be6091073e6e56f95469be12da77ef04f40fdd9c522b75

AgentTesla

22e3c5311fdf51d1a4edf847984fcb16361351ce5bef5fa3d95e6d9467c1ed1c

AgentTesla

77685f9f082340fc9e8a4a033663ae5c5593c75f5c9c7da78da7e3a369a8ae5f

AgentTesla

bdd3e02711a244f9cdb3af3fed65a5b94fdce88a3a5686b3f32bef9f64ceb555

AgentTesla

eec75b1c545e3770daa6c181b8f0f2a8911df335d239282e894c68178aec7268

AgentTesla

+ 3 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger spyware stealer trojan

Link:

https://tria.ge/reports/210426-75axw1mchx/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

AgentTesla Payload

AgentTesla

Unpacked files

SH256 hash:

e90a19eba5f2de3ba82f652221105bb0682b07c20abddec487c6f4354ea79c39

MD5 hash:

efb0de4397ea61e17d262e278b53ff86

SHA1 hash:

727fdf2ceb13262d56bdda24a02564fb3e80c8b0

Link:

https://www.unpac.me/results/266af5a0-0127-413a-8696-f5179b035597/

SH256 hash:

8d28d53a6536864dc5d3ba6a3c85f4fa9e6453de957f41570281114d31bec179

MD5 hash:

eb239cb97f1c01d21601873a021274b1

SHA1 hash:

ee1b87c03a4353ef961ca5a438f0813f3e24c6bf

Link:

https://www.unpac.me/results/266af5a0-0127-413a-8696-f5179b035597/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8d28d53a6536864dc5d3ba6a3c85f4fa9e6453de957f41570281114d31bec179

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/144197/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample