MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ea119b72080d578b209c7daf8462f18fa70e9592bbdae7ee6ea63bd4d67e8a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 7



SHA256 hash: 8ea119b72080d578b209c7daf8462f18fa70e9592bbdae7ee6ea63bd4d67e8a5
SHA3-384 hash: b61b1a1bf9bf531a3370e6e206f4f9538d4f952299d111c2db5ebcfec0cc5a4abc22207ed5873137103bfb821ca57873
SHA1 hash: 176542fda0ef26b6f0674ff565dce6972c347f06
MD5 hash: f4c537d6f5d174b812e5bcecf152d3cf
humanhash: mirror-dakota-london-quebec
File name: 8ea119b72080d578b209c7daf8462f18fa70e9592bbdae7ee6ea63bd4d67e8a5
Signature: AgentTesla
File size: 551'936 bytes
First seen: 2020-11-11 11:15:16 UTC
Last seen: 2020-11-15 22:55:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 12288:GpQKMRH9rOz/8F3eOvCIT1sgvsg7lmftHjmcq/xOu41H:Ce9SzP+3vOR1H
Threatray: 183 similar samples on MalwareBazaar
TLSH: EBC4AEB83104B8DED52F8576DA957CF413B23D63C7CB94874126BEC629BB792EE0140A
Reporter: seifreed
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 3
# of downloads: 52
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
Using the Windows Management Instrumentation requests
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-09 08:04:32 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Unpacked files
SHA256 hash: 8ea119b72080d578b209c7daf8462f18fa70e9592bbdae7ee6ea63bd4d67e8a5
MD5 hash: f4c537d6f5d174b812e5bcecf152d3cf
SHA1 hash: 176542fda0ef26b6f0674ff565dce6972c347f06

SHA256 hash: 7b45b9b3294222d54e5192708e6211f410e08d7aa94c8aad4c314ee5873bbede
MD5 hash: 3c361461d6f6b93f2e8eee766b63bfa0
SHA1 hash: 26b7786aeaac9f83ab6234caf686aa767ba752e4

SHA256 hash: d2ddb4f22291c4255f5401c63149da5b09ce09e73e66a800b849a770ac1b1049
MD5 hash: 61b5c737d3aa21157fae424f7fb3de45
SHA1 hash: 449f8ee454ea49cdcac7fcd029cc0e8f591d1b3e
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Other
