MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93c550447bafc08550c048feda18814d1eb8c9b639e43688908a861cf8554674. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 12


Intelligence 12 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93c550447bafc08550c048feda18814d1eb8c9b639e43688908a861cf8554674
SHA3-384 hash: 68e22c0406b990efd8978ec723e7be3eaf3e69aff0a3296b525baa9421578a071659e1a437bf38fda565ddc0b59a5a31
SHA1 hash: 37e0630326fe2b752e0357c8cd96dbd667c3e6e1
MD5 hash: eb02fa52f21eae3029e70170e7914d4b
humanhash: stairway-cola-robert-carbon
File name:documentos_comprobante.jpg______________________________________.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:135'168 bytes
First seen:2022-01-31 21:20:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 1536:gLL6eNb/b1i5WsV3JqgdbSuZW8N3uzU9M6MdrdNR6xb:8L6eNb/bANV1vW43uzuCd36p
Threatray 18'713 similar samples on MalwareBazaar
TLSH T144D3637EA6A346ABF14811B84E91AC7CA040BE7426DD90BA30FE797F4F1B794CC55E01
File icon (PE):PE icon
dhash icon e0e4a6a5a5a6e4e0 (3 x AsyncRAT, 1 x a310Logger, 1 x AgentTesla)
Reporter malwarelabnet
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
188
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
documentos_comprobante.jpg______________________________________.exe
Verdict:
Malicious activity
Analysis date:
2022-01-31 21:28:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f6ac4571-660a-4b21-ba61-77b80d326c3d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/228773/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
DNS request
Running batch commands
Sending an HTTP GET request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
cmd.exe obfuscated packed replace.exe
Link:
https://www.filescan.io/uploads/61f852c16d25ac9e79f149c4/reports/ee17e010-ac77-40d7-b192-68223ff940dd/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c9b7c3af-7e3f-43ac-b7d9-225798071c75
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/931258
Behaviour
Behavior Graph:
n/a
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/93c550447bafc08550c048feda18814d1eb8c9b639e43688908a861cf8554674/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-01-31 19:02:30 UTC
File Type:
PE (.Net Exe)
Extracted files:
13
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=spcvard3v7aikugajd7nugebjuplrsnwhhsdnceqrkdbz6cviz2a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
00f5c6bba9ef3a6af2ae5195c89e46529744e9cf4eabe9d1d8959a068970b93a
AgentTesla
11984c9c8d7bfe34b27fd41ea7f08f7b97923a8c4cf0316138d34bd90cb1a38a
AgentTesla
12f108fd2c26d301f44ba20cc6857a5bfe0330e72d1a356051b2f8e968c8214d
AgentTesla
57237e2f22f1c26b4d77c3b4d66537cc48a03980582100eda2162a78b9a04ce9
AgentTesla
7cd9cc024ac14877dd66ec64c36fd9b6cfb3a731aa90afaf04a99b790f1fefae
AgentTesla
c345fbabcb3e55e64341e860bb2916ba52ddea44257d8fa5b79f2ae7062734c8
AgentTesla
cb145909667bd181409f1e14b6b2fd00ec9f8894ffaba82bd2b1888065e6a22a
AgentTesla
e30e9ec11818e069b23a74a0a47d0a2b91c19556e2851a79c033c2ef0b680974
AgentTesla
eb9de162cbe1af46b276cebd9141ece2b6bd02847d906e4078b2dc8ded5c2a06
AgentTesla
+ 18'703 additional samples on MalwareBazaar
Unpacked files
SH256 hash:
93c550447bafc08550c048feda18814d1eb8c9b639e43688908a861cf8554674
MD5 hash:
eb02fa52f21eae3029e70170e7914d4b
SHA1 hash:
37e0630326fe2b752e0357c8cd96dbd667c3e6e1
Link:
https://www.unpac.me/results/56ac98db-cc10-4c58-af11-d5a9d45e01ba/
Malware family:
Agent Tesla v3
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/93c550447baf/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/93c550447bafc08550c048feda18814d1eb8c9b639e43688908a861cf8554674

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/228773/

Comments