MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9388d14c8bf0df5eb6607f66666d959017e45e01ce0a22b32dc7796b10cd080b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 20



SHA256 hash: 9388d14c8bf0df5eb6607f66666d959017e45e01ce0a22b32dc7796b10cd080b
SHA3-384 hash: 1353b4d7cb4063c475da9912d7548f3477490a4a5e779a4bd093024aa9ff4da1d368283ee1949a88e7b348f710ec4317
SHA1 hash: 0f655dd7b6094dbb24f38557d957322a4348122e
MD5 hash: 670b57f8485d6b939dcf21fb8187b3da
humanhash: london-september-wolfram-chicken
File name: QUOTE-4K748388-A-CCC2.exe
Signature: AgentTesla
File size: 600'064 bytes
First seen: 2024-08-13 19:12:30 UTC
Last seen: 2024-08-13 20:22:14 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'737 x AgentTesla, 19'596 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 12288:BbKr9hwcRxoPy8thihwQDzw85u1Qs4wEr6PaRtC:Ber9hwQxoPyMA+f8YnnE2D
Threatray: 1'053 similar samples on MalwareBazaar
TLSH: T1EDD42349107CA337D6FA47F25C2BD14C0FB9236F6D26D35C28880E576A6BB64CA934C6
TrID: 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
      10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
      6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
      2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter: TeamDreier
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 492
Origin country: DK
Vendor Threat Intelligence
Malware family: agenttesla
ID: 1
File name: QUOTE-4K748388-A-CCC2.exe
Verdict: Malicious activity
Analysis date: 2024-08-13 19:16:54 UTC
Tags: netreactor stealer agenttesla exfiltration smtp

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 90.2%
Tags: Execution Generic Infostealer Static Stealth Msil
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating synchronization primitives
Creating a process with a hidden window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Using the Windows Management Instrumentation requests
Reading critical registry keys
DNS request
Stealing user critical data
Adding an exclusion to Microsoft Defender
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed
Verdict: Malicious
Labeled as: Trojan.PasswordStealer.GenericS
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: AgentTesla, PureLog Stealer
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
AI detected suspicious sample
Antivirus / Scanner detection for submitted sample
Found malware configuration
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suricata IDS alerts for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
Behaviour
Behavior Graph (ID 1492436; sample QUOTE-4K748388-A-CCC2.exe; start date 13/08/2024; architecture WINDOWS; score 100), process tree and per-node signatures:
  Analysis root: contacts mail.mbarieservicesltd.com; Suricata IDS alerts for network traffic; Found malware configuration; Antivirus / Scanner detection for submitted sample; 10 other signatures
  QUOTE-4K748388-A-CCC2.exe (started): dropped C:\Users\...\QUOTE-4K748388-A-CCC2.exe.log (ASCII); Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
    QUOTE-4K748388-A-CCC2.exe (child, started): connects to mail.mbarieservicesltd.com 199.79.62.115, port 587 (PUBLIC-DOMAIN-REGISTRYUS, United States); Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc)
    powershell.exe (child, started): Loading BitLocker PowerShell Module
      conhost.exe (started)
      WmiPrvSE.exe (started)
    QUOTE-4K748388-A-CCC2.exe (child, started)
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2024-08-13 06:38:35 UTC
File Type: PE (.Net Exe)
Extracted files: 9
AV detection: 19 of 24 (79.17%)
Threat level: 2/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection credential_access discovery execution keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
Credentials from Password Stores: Credentials from Web Browsers
AgentTesla
Unpacked files
SHA256 hash: 2df08e3fcc7d363c6c3d4836f420088903c2853f8a6243e2d035c40899aecf54
MD5 hash: fe9b94bc0027a4cb1c82a55191159292
SHA1 hash: f28fce2bbff4aef4fcafdbe538eb7d26f0b3f061
Detections: AgentTeslaXorStringsNet MSIL_SUSP_OBFUSC_XorStringsNet INDICATOR_EXE_Packed_GEN01
Parent samples:

SHA256 hash: 9547622737f684c71eb83f7c6e967940b1d0156a1a64aa035df5effe62a85851
MD5 hash: f469b1498f568970953d96555898d36d
SHA1 hash: c55d7fffba309cacb462e20f3befb58c9d6ead5a
Detections: SUSP_OBF_NET_Reactor_Indicators_Jan24
Parent samples:

SHA256 hash: 0901b08b2561761c7cb817c6251f1bc3de01eed30a4c5fe191e881df7a9b2154
MD5 hash: b60d2cb453992f3321fb71f59cbcad1d
SHA1 hash: 9897b52f8df71ffdd4569476d74b9147399df1b8
Detections: SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24 SUSP_OBF_NET_Reactor_Indicators_Jan24

SHA256 hash: f423d84d2ddc5df53604aee7349c1d505f83c2ff4d40ace8599a3ae250713bde
MD5 hash: afbd93b23860336c5b0ab72401a383d3
SHA1 hash: 14fc9c0d9222b9d0a128c3e3eee08aacc675e3b2
Detections: SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24 SUSP_OBF_NET_Reactor_Indicators_Jan24
Parent samples:

SHA256 hash: 9388d14c8bf0df5eb6607f66666d959017e45e01ce0a22b32dc7796b10cd080b
MD5 hash: 670b57f8485d6b939dcf21fb8187b3da
SHA1 hash: 0f655dd7b6094dbb24f38557d957322a4348122e
Malware family: AgentTesla.v4
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: AgentTesla_DIFF_Common_Strings_01
Author: schmidtsz
Description: Identify partial Agent Tesla strings

Rule name: NET
Author: malware-lu

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
Executable exe 9388d14c8bf0df5eb6607f66666d959017e45e01ce0a22b32dc7796b10cd080b (this sample)
Delivery method: Distributed via e-mail attachment

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                         Title                                                   Severity
CHECK_AUTHENTICODE         Missing Authenticode                                    high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (HIGH_ENTROPY_VA)  high

Comments