MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 929fbc7cab19cf9f8f05e9d4b10a5c4a9707c960f9e6183fa8c8420baf045471. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 929fbc7cab19cf9f8f05e9d4b10a5c4a9707c960f9e6183fa8c8420baf045471
SHA3-384 hash: 34594d5f10bd23396b4423e8b75c6d67393c7931d60b3cd734e6cc3d01434789c899403420a5881ab3f1120d40077667
SHA1 hash: 64d553579b8292848f903e7fa825a8dcfdcd360e
MD5 hash: 7c9682596d5c11cf3a963553e00cdd94
humanhash: dakota-bravo-alabama-oregon
File name:QUOTATION.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:377'344 bytes
First seen:2020-11-07 11:27:40 UTC
Last seen:2020-11-07 13:47:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3c71e8f02dc3eee71c99d7c46768840f (4 x AgentTesla, 3 x Formbook)
ssdeep 6144:49klDLsljfZHam2nb94Avxvhusiqoy/9luujOJXhjtjPwd3VO7dF2oM8a3CLFMO+:49klUj2tusL/lIXhjtj6VO7d8oGCJM
Threatray 16 similar samples on MalwareBazaar
TLSH D3840226B8C2C072E927143005B4D7B1893DF9712E719C9FA3605BB9AF317D186269EF
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis7C9682596D5C.4143.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/523834
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 311012 Sample: QUOTATION.exe Startdate: 07/11/2020 Architecture: WINDOWS Score: 64 17 Multi AV Scanner detection for submitted file 2->17 19 Yara detected AgentTesla 2->19 21 Machine Learning detection for sample 2->21 23 Initial sample is a PE file and has a suspicious name 2->23 6 QUOTATION.exe 1 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        11 conhost.exe 6->11         started        13 MSBuild.exe 6->13         started        file5 15 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->15 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/929fbc7cab19cf9f8f05e9d4b10a5c4a9707c960f9e6183fa8c8420baf045471/
Threat name:
Win32.Spyware.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 06:51:22 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=skp3y7fldhhz7dyf5hklccs4jklqpsla7htbqp5izbbaxlyekryq._file
Verdict:
unknown
Similar samples:
2128551c6363325c0d054a9a4d19bd066a9bde70d6ee860535d298d6961b54d7
AgentTesla
344ae78ecc8cac02bb3dcd94c654b74543db829984f903f57dfab395639bfc72
AgentTesla
3617f1bf2ebcce123605dccd72dfbfc05f143d2698e159dc869e34ba38c91948
AgentTesla
6989ffe534c2303d7fcc4f5f8b81515a3d30a53ecb395a935bc46391de88b023
AgentTesla
6f463e4599313c87551cfc529feb1b20b5eccc8f4fd20f66fafe580140e109f9
AgentTesla
832b94638ad0196de53e869de9d93e632e89f4b5115e0919f0977a10eb30e64d
AgentTesla
c63da2dca25d6d1c17fcfd8041424f2232878b734072ab55f1c31a6fa083a9fa
AgentTesla
cd890b3b8d2be8ba19b3fa347622e4f628984938dabec2926d1b22424d3d8cc1
AgentTesla
deb96dddc557e467d8e3ac9bf5ee8fc167f74461d84e823925c0f8c7b33422e7
AgentTesla
f6eb71b21b2f799172115bcceb379307f9c432445fed92cdba2ca911775b3f3f
AgentTesla
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201107-w5mp56qn5n/
Unpacked files
SH256 hash:
d1fdddb60a8505cd902d1c120c5334920fdd064204396207b92626f5d992bf8b
MD5 hash:
56db50b18b8d621791f4f13af5329557
SHA1 hash:
c3415963c9b7c0a58efc06a64fcd5786442b80ca
Link:
https://www.unpac.me/results/bc135615-c727-4a7d-9778-ebf70af17df3/
SH256 hash:
929fbc7cab19cf9f8f05e9d4b10a5c4a9707c960f9e6183fa8c8420baf045471
MD5 hash:
7c9682596d5c11cf3a963553e00cdd94
SHA1 hash:
64d553579b8292848f903e7fa825a8dcfdcd360e
Link:
https://www.unpac.me/results/bc135615-c727-4a7d-9778-ebf70af17df3/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Embedded_PE
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 929fbc7cab19cf9f8f05e9d4b10a5c4a9707c960f9e6183fa8c8420baf045471

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments