MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 982c304e29519124bbad050a7a9b1cd53477f49d742f399fe3e22fe3b782e837. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	982c304e29519124bbad050a7a9b1cd53477f49d742f399fe3e22fe3b782e837
SHA3-384 hash:	8b3e19e30ed7aaf08a946b03b4e6957afeca826f0f0bdd7fa2349fcb39436345019aecc6797107f7da45e007de2eb60e
SHA1 hash:	39b8d5d64e770dc28996314802c23d30865785d6
MD5 hash:	8f84ab7a7aeeec2884e7435288604bbf
humanhash:	april-delaware-sweet-coffee
File name:	SecuriteInfo.com.Variant.Tedy.217635.22545.16275
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	265'728 bytes
First seen:	2022-10-05 16:39:35 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	6144:Qw+MqINcNdDRM51/sp/K6O0IM6Ra0g28lGft:EXVi/u6UQ02yst
Threatray	16 similar samples on MalwareBazaar
TLSH	T1864402D8BD689662D36BDBBD0A3389052B3D4749FA2FD619319B4C9801C028B9F3574F
TrID	63.5% (.EXE) Win64 Executable (generic) (10523/12/4) 12.2% (.EXE) OS/2 Executable (generic) (2029/13) 12.0% (.EXE) Generic Win/DOS Executable (2002/3) 12.0% (.EXE) DOS Executable Generic (2000/1)
Reporter	SecuriteInfoCom
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

305

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/316973/

Detection(s):

SecuriteInfo.com.Variant.Tedy.217635.22545.16275.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Launching a process

Creating a file

Using the Windows Management Instrumentation requests

Reading critical registry keys

Creating a file in the %AppData% subdirectories

Creating a window

DNS request

Stealing user critical data

Unauthorized injection to a system process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/633db3640d3d21420cca99a0/reports/dd85db62-1eef-4ace-993b-4a775a35347b/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Agent Tesla

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0ec55e46-0fb5-44a8-b82d-b336888fa8f2

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1084306

Signature

.NET source code contains very large array initializations

Allocates memory in foreign processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Yara detected AgentTesla

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/982c304e29519124bbad050a7a9b1cd53477f49d742f399fe3e22fe3b782e837/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2022-10-05 16:40:11 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

15 of 26 (57.69%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tawdatrjkgisjo5naufhvgy42u2hp5e5oqxtth7d4ix6hn4c5a3q._file

Verdict:

malicious

AgentTesla

341b6ff76b63e3e74b8fd97b301462f9a6544405946271b7766c4ff4c8c28150

AgentTesla

5957f22f5a9db32e32e71ac070731648a1c3305dd4483375aaa8192a9ca20836

AgentTesla

5fc5899a46fe351361fc6245bfec6143e1f0daa8c2abf6a247af39e5a3c53353

AgentTesla

8f47a0124c06f3bcc483fe0c29136e822be2b9853fc4c81c3f525dc041168d3f

AgentTesla

9ba3f37b67b92faad989b9f328b13c5ad6e712678bc2e7e3f3284b82685c0eac

AgentTesla

a6a120ad08da9e3fbbcb491477914dae9901653122984bf29475d7b344b20e0d

AgentTesla

c3b9b17acd966a36e27681a32021b35e022cc0df29ee937c61dc766e87f9ecd0

AgentTesla

ce6a420547785fbbec9f1b5d5e586737bba24219ecd8e689621b7c214691129d

AgentTesla

f762563c3e7a28714cbec35efae8524d5b2a9889274f73dd963f9a9f1934aaa6

AgentTesla

+ 6 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla collection keylogger spyware stealer trojan

Link:

https://tria.ge/reports/221005-t6jclsfbdr/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

AgentTesla

Unpacked files

SH256 hash:

982c304e29519124bbad050a7a9b1cd53477f49d742f399fe3e22fe3b782e837

MD5 hash:

8f84ab7a7aeeec2884e7435288604bbf

SHA1 hash:

39b8d5d64e770dc28996314802c23d30865785d6

Link:

https://www.unpac.me/results/80169a0b-cc68-4df9-bac5-6877c4e7599c/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/982c304e2951/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.35

Link:

https://yomi.yoroi.company/submissions/982c304e29519124bbad050a7a9b1cd53477f49d742f399fe3e22fe3b782e837

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/316973/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample