MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d2efc816642dfe895648eed3475a08a0625406312e3ad95a98ff8ed3cf0b93c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d2efc816642dfe895648eed3475a08a0625406312e3ad95a98ff8ed3cf0b93c
SHA3-384 hash: 9d413f248319edd74ef6fa4e3d0db85fe66b7700ee33678bc6b6774f0007324ee428b354ea4dbcbea52f0731d5cda680
SHA1 hash: 5f5f13f18530be34a572c71e2da9271d9b26e880
MD5 hash: 8a23b1453eccb212bfe9841753086ad5
humanhash: sodium-wolfram-sixteen-lion
File name:SolarisMetaversePatch1.0.4.exe.opdownload
Download: download sample
Signature AgentTesla
Create hunting rule
File size:63'506'805 bytes
First seen:2024-08-29 12:54:40 UTC
Last seen:2024-12-13 12:18:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b819c89ac9b569d0bbb77889674017b2 (1 x AgentTesla)
ssdeep 393216:1AXhBQ9KOi+Qeg6A2M8Qsh3v/i9v0A5SV:+h0VKj2pQsh//i9v0A5a
Threatray 6 similar samples on MalwareBazaar
TLSH T147D78C11B3F80629F1FF4771AAB28015DAF6FCA66B11D68F2448559D2E73B80CA21377
TrID 72.7% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
13.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
2.5% (.EXE) OS/2 Executable (generic) (2029/13)
2.5% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
dhash icon 0068006969007000 (1 x AgentTesla)
Reporter Anonymous
Tags:AgentTesla exe nop

Intelligence

File Origin
# of uploads :
5
# of downloads :
1'228
Origin country :
TR TR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SolarisMetaversePatch1.0.4.exe.opdownload
Verdict:
No threats detected
Analysis date:
2024-08-29 13:27:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/dd136f0f-78b6-49d7-962e-a51890f5650a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66d06fb2fe69a9e56049dd41
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/8d2efc816642dfe895648eed3475a08a0625406312e3ad95a98ff8ed3cf0b93c
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1501183
Signature
Contains functionality to prevent local Windows debugging
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Score:
1%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/8d2efc816642dfe895648eed3475a08a0625406312e3ad95a98ff8ed3cf0b93c
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ruxpzalgilp6rfler3wti5naridckqddclr23fnjr74o2phqxe6a._file
Verdict:
unknown
Similar samples:
46be67fb938c38d5856a75c18892e478d99301fb0102820022d5a9e0363d8e92
AgentTesla
78f0a7a59e4ebee326f0630f21f6d13b1ba7b9e7bc6e90fa9547d06ec7e39b4f
AgentTesla
9fc0ceb1941f3d7ba4aec425cd0bd116930f5c45649dea273aaf18bd7d7dd383
AgentTesla
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla
Link:
https://tria.ge/reports/240829-p5r6xaseld/
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f59156cb-7c77-409c-b74e-187e97cfa787
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (FORCE_INTEGRITY)high
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::GetSidSubAuthorityCount
ADVAPI32.dll::GetSidSubAuthority
ADVAPI32.dll::RevertToSelf
COM_BASE_APICan Download & Execute componentsole32.dll::CLSIDFromProgID
ole32.dll::CreateStreamOnHGlobal
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AdjustTokenPrivileges
ADVAPI32.dll::GetTokenInformation
ADVAPI32.dll::SetKernelObjectSecurity
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
ADVAPI32.dll::OpenProcessToken
ADVAPI32.dll::OpenThreadToken
ADVAPI32.dll::SetThreadToken
KERNEL32.dll::VirtualAllocExNuma
KERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::GetActiveProcessorGroupCount
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::SetConsoleCtrlHandler
KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileMappingA
KERNEL32.dll::CreateFileMappingW
KERNEL32.dll::GetWindowsDirectoryW
WIN_BASE_USER_APIRetrieves Account InformationADVAPI32.dll::LookupPrivilegeValueW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegGetValueW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW

Comments