MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c896697f053fc353c7263676f9a6aae0ff85054358dd07ee888f18edee17be4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9c896697f053fc353c7263676f9a6aae0ff85054358dd07ee888f18edee17be4
SHA3-384 hash: 62ddb2d0012b21ce90b32bf88145bd6a762a66d4acf1f141d796e42b0932a483f7e0b92c874b84431978178fd86a8044
SHA1 hash: 67890b52838140f3c5d809fa209789a4dc489b84
MD5 hash: 8dfb62e748d39656fde2603822d5ef34
humanhash: missouri-lithium-uncle-salami
File name:Xm2z4a6f737X6NL.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:939'008 bytes
First seen:2021-07-20 06:18:04 UTC
Last seen:2021-07-20 06:18:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'473 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:gJqyvUIZbVlBPI2VBPceJJgTu4vA4V8HJd5c6w6CiMsdPI6ZQp:2vDBlBPIOBPceJJ0vlV8HJfLHDPI6Z
Threatray 7'067 similar samples on MalwareBazaar
TLSH T14615F126722BA114DC3883F51C25D1B13BBE6C2A562DC6782EC8ED7F7D736789AD0640
Reporter lowmal3
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Xm2z4a6f737X6NL.exe
Verdict:
Malicious activity
Analysis date:
2021-07-20 06:20:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4e9e58c0-d8c5-4876-a56e-1fc09c838e8f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/172707/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.935-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b9e05c87-c9b6-4edf-8549-f6712cdf47d7
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/818691
Signature
Found malware configuration
Injects a PE file into a foreign processes
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/9c896697f053fc353c7263676f9a6aae0ff85054358dd07ee888f18edee17be4/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-20 06:19:04 UTC
AV detection:
17 of 46 (36.96%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
14db3f82df6b962247e632da97767bb052805916a4936000ee500ae87479c7d8
AgentTesla
62e4849bf2b02dd9508f6db60bc9f0d0e982ddfb607b9816e4a777c8cf5542ec
AgentTesla
84e178acab178561c9468e4277e3d924b69a1b58f1030bb258c3bd014d9e4ece
AgentTesla
8aa98a082e6f19c0432ba82d1c61383c47953e5e4c5f349cb586a304f28567ca
AgentTesla
ae8f0cb0a3ed88eab8f8867cacc01ca2937be743bd1c75940eac053a8a4dd42f
AgentTesla
b68f9419a52a690f1572c9d38e3311ec2ef9007935354e1122bff14c41b7e9b2
AgentTesla
c9af30b2a800c774844eee76e019d10b72c4637adbccd34a6de3bcc8a4f32ba4
AgentTesla
d91d3978aaf95c82ca8874e6d1778e2af2355aee81639f9c43d672a1e079ed20
AgentTesla
e3e8dc7df3c25fe3e8bbc80ea67ea740d2f4c02987a48826b0e8dd18161a5594
AgentTesla
e41c50d817a963a03c07188bda3e42f164f1ce189f2875dc7f5125594d4ec159
AgentTesla
+ 7'057 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210720-z6dtepx48n/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
83d9e44d9a311ea6fdbcbd09fdc816a2067806dcacf24beb5ee786191b1a3ea1
MD5 hash:
b1a7b752b6638ee03cffe5a1dde9213e
SHA1 hash:
52d215a173d2f293990f8c12fc7f4a86330a29cb
Link:
https://www.unpac.me/results/e67ce1f5-6605-4116-914a-d8951b8f34e4/
SH256 hash:
9c896697f053fc353c7263676f9a6aae0ff85054358dd07ee888f18edee17be4
MD5 hash:
8dfb62e748d39656fde2603822d5ef34
SHA1 hash:
67890b52838140f3c5d809fa209789a4dc489b84
Link:
https://www.unpac.me/results/e67ce1f5-6605-4116-914a-d8951b8f34e4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9c896697f053fc353c7263676f9a6aae0ff85054358dd07ee888f18edee17be4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 9c896697f053fc353c7263676f9a6aae0ff85054358dd07ee888f18edee17be4

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/172707/

Comments