MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 941559a78b6e1caf39212048e7f62723e5f283d1942858cc07a339d6d6b24362. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 19



SHA256 hash: 941559a78b6e1caf39212048e7f62723e5f283d1942858cc07a339d6d6b24362
SHA3-384 hash: 6ba8c0f2eb06775b96d9776b9e25127dec201ebdfcc8f904af6f8bfe2f852218c135fd82cc62ca0462fd9aad7179eb23
SHA1 hash: e8842b83a180e7589e366bd61b08f59a87a71734
MD5 hash: 1779ee90e122ebe86f1bddc4ec06440d
humanhash: cold-ink-july-autumn
File name: MV BBG MUARA Ship's Particulars.pdf.scr
Signature: AgentTesla
File size: 979'456 bytes
First seen: 2024-11-21 12:05:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:/csCELA+12Hd5lpvS36pDfi/xN3xIZrzfBVzxWWKy5siBjVE4wPLXkYVx5OjuRZx:0zf/zxWu5zW4wjkTuRZOVFuxztsrG
TLSH T11825B02077F8DD67E27A61B3EAC8421197B6D146767BE3AA0CD560CE25C27321383D27
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
dhash icon 201b27353b210f20 (4 x Formbook, 4 x AgentTesla, 2 x RemcosRAT)
Reporter threatcat_ch
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads : 1
# of downloads : 427
Origin country : CH
Vendor Threat Intelligence
Malware family: agenttesla
ID: 1
File name: MV BBG MUARA Ship's Particulars.pdf.scr
Verdict: Malicious activity
Analysis date: 2024-11-21 12:06:14 UTC
Tags: evasion stealer agenttesla ftp exfiltration

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 96.5%
Tags: underscore lien
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating synchronization primitives
Creating a process with a hidden window
Creating a process from a recently created file
Creating a file
Using the Windows Management Instrumentation requests
DNS request
Connection attempt
Sending a custom TCP request
Reading critical registry keys
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Stealing user critical data
Adding an exclusion to Microsoft Defender
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: masquerade packed packed packer_detected vbnet
Result
Threat name: AgentTesla
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
Adds a directory exclusion to Windows Defender
AI detected suspicious sample
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2024-11-21 07:12:47 UTC
File Type: PE (.Net Exe)
Extracted files: 18
AV detection: 19 of 24 (79.17%)
Threat level: 5/5
Verdict: malicious
Label(s): agenttesla agenttesla_v4 unknown_loader_037
Similar samples:
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla discovery execution keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
AgentTesla
Agenttesla family
Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: 36f57e369d10f7067d8c11b808e322835b4278e68322f65a178cc0a8055e0a3f
MD5 hash: 9a2572c817d03296237124f8a8dfce37
SHA1 hash: c9a2a85ab201bfb5f9f2192e72cd4f4a8324d92d
Detections: SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24 SUSP_OBF_NET_Reactor_Indicators_Jan24
SHA256 hash: 2bfde305793352cc0da1adb8ed99447ad59f25f03c67d5756905cce802618749
MD5 hash: 90cebe77febe3d68f79fb7e03876149d
SHA1 hash: a665a04102d72778358e1b045fe3dd46996d2fca
Detections: win_agent_tesla_g2 INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients Agenttesla_type2 MALWARE_Win_AgentTeslaV2 INDICATOR_SUSPICIOUS_Binary_References_Browsers INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients INDICATOR_EXE_Packed_GEN01 INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Parent samples :
SHA256 hash: 42845ecc42abd302d832179057f11d269f8c7ce4bf324d256f35f5bca1ca45b6
MD5 hash: 0da34a44ee4876dd5e35939af02f1d32
SHA1 hash: 83109ca5bd5178b9f409a2eeb14dc0763df57729
Detections: INDICATOR_EXE_Packed_SmartAssembly
Parent samples :
SHA256 hash: 941559a78b6e1caf39212048e7f62723e5f283d1942858cc07a339d6d6b24362
MD5 hash: 1779ee90e122ebe86f1bddc4ec06440d
SHA1 hash: e8842b83a180e7589e366bd61b08f59a87a71734
Malware family: AgentTesla
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: NET
Author: malware-lu
Rule name: NETexecutableMicrosoft
Author: malware-lu
Rule name: pe_imphash
Rule name: RansomPyShield_Antiransomware
Author: XiAnzheng
Description: Check for Suspicious String and Import combination that Ransomware mostly abuse (can create FP)
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash
Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 941559a78b6e1caf39212048e7f62723e5f283d1942858cc07a339d6d6b24362

(this sample)

Delivery method
Distributed via e-mail attachment

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Comments