MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92eadd8fcf1d04978390cd854817d52bcbdf54ea60bd1dd3c24d8ab2bad843d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	92eadd8fcf1d04978390cd854817d52bcbdf54ea60bd1dd3c24d8ab2bad843d1
SHA3-384 hash:	97c3927646a2f919a0058a8d3d8b1586a839cb16518403e1f659bcb61db264357f77b6843d1455c83d424b6c54779a57
SHA1 hash:	a8eb6c8e3f83621e6237eb637d7ff4f47be1e9fb
MD5 hash:	8dbaeb95613404b722cddba9f846af5d
humanhash:	johnny-wyoming-river-five
File name:	8dbaeb95613404b722cddba9f846af5d.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	299'593 bytes
First seen:	2020-07-09 12:02:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep	6144:GYxBf3jH/SHEKkWKrKtydyz8vZgWMKQFZEN38tqCHDSw:1zfSH1kWKrKyyz8vpQYN3ODj
Threatray	90 similar samples on MalwareBazaar
TLSH	1154F1DF9A930CFBC99A187AFAA3FC1812634A4857930C3679137A5ADDC04B48BDD5D0
Reporter	abuse_ch
Tags:	AgentTesla exe

abuse_ch

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin

# of uploads :

1

# of downloads :

73

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/23730/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader33.58053.18062.15244.UNOFFICIAL

SecuriteInfo.com.Trojan.DownLoader33.58053.13876.13358.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Using the Windows Management Instrumentation requests

Reading critical registry keys

Launching a service

Creating a file

Stealing user critical data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/92eadd8fcf1d04978390cd854817d52bcbdf54ea60bd1dd3c24d8ab2bad843d1/

Threat name:

Win32.Trojan.Dynamer

Status:

Malicious

First seen:

2020-07-09 12:04:06 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=slvn3d6pducjpa4qzwcuqf6vfpf56vhkmc6r3u6cjwflfowyipiq._file

Verdict:

unknown

Similar samples:

0a739f4ec3d096010d0cd9fc0c0631f0b080cc2aad1f720fd1883737b6a6a952

2293a7d41f1e0868e0ce28fc1379d3ad9ed5e58cdbb84f152e6218da02c9ca8c

53afdc78b9ae97f2130dbda12deff6f86d32504dec7ad771d9e59ff9f4646b9b

57994e763a8cb4ffd90cc837f48dab46de26c3abbb9b3b76612fa0813d08a79c

5a4f664ec25252863eb4bd01793b93af16849a7784863115a1b1e0ff7aaa5f0f

9c1b8304fd7584fd24761e6e785f33f81d6453ce86f0e672c101e3e17757aef3

a311153c791b849034091bb57c8904ea17ee09b453b69bb7b28ab637389ad1eb

b2762663ec4cb81d9b5b27725628e1c9300575c29d558b24e2425df54cf9c105

dea877be3b8ceb7eb4cb1bb40895bc6886d3ccb0f2498e7b3c4257d726a7d896

df0defce758bd92b2db07399101c52e04c8059b1712ae0e74a420058cbbba52d

+ 80 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

spyware keylogger trojan stealer family:agenttesla

Link:

https://tria.ge/reports/200709-ywr8bgeb4x/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Reads user/profile data of local email clients

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 92eadd8fcf1d04978390cd854817d52bcbdf54ea60bd1dd3c24d8ab2bad843d1

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/23730/

URLhaus

https://urlhaus.abuse.ch/url/410470/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample