MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2e82dda8b0b0cc7831f28e2174a990d479819b3eae7c57e360ed9e11c4effe8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 17



SHA256 hash: a2e82dda8b0b0cc7831f28e2174a990d479819b3eae7c57e360ed9e11c4effe8
SHA3-384 hash: 026494a534cebacd1a5d87227e9b1419b505138e6504f6032e9a54f306ad6f2dbfb4127c68c6b33d4869f33c96faa605
SHA1 hash: 18d505bbdbffe0d9bd822e44a18cc0cdd40b3720
MD5 hash: 382635422daa0a2e8c5a035ce5eda491
humanhash: winner-november-seventeen-finch
File name: ndexut.exe
Signature: AgentTesla
File size: 891'392 bytes
First seen: 2023-12-21 13:59:08 UTC
Last seen: 2023-12-21 15:20:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 12288:XvV1SQeSBgroWxhzbBoqg/6DkryAgEsyFNiy3dfv:/OVSyrFxFkfgEsyB3
Threatray: 839 similar samples on MalwareBazaar
TLSH: T1A515D43C58BE2A2BC075D7A9C7E50563F250947B3A12ED2698D3439E4366F8379C321E
TrID: 63.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
      11.2% (.SCR) Windows screen saver (13097/50/3)
      9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
      5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter: malwarelabnet
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 294
Origin country: CA
Vendor Threat Intelligence
Malware family: agenttesla
ID: 1
File name: 36KV XLPE Cable, 300mm².xlsx
Verdict: Malicious activity
Analysis date: 2023-12-21 14:01:20 UTC
Tags: loader exploit cve-2017-11882 stealer agenttesla

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: AgentTesla
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
.NET source code contains potential unpacker
.NET source code contains very large strings
Antivirus / Scanner detection for submitted sample
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Yara detected AntiVM3
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2023-12-21 02:30:48 UTC
File Type: PE (.Net Exe)
Extracted files: 54
AV detection: 25 of 37 (67.57%)
Threat level: 5/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files

SHA256 hash: 41ba8c4d68a98a340f12da40b03b0ebd87561a34da80c1cfd066af49ee1dc31e
MD5 hash: ff479cc70781578c53fe9c45ae9ebcbf
SHA1 hash: ea11e4a5be23c48204d63a9817d9a6a16795f36c

SHA256 hash: c5328f7af843244b56d6a208c322a9315daea139d1b255cda993b243e4394ecf
MD5 hash: 160f4669c06c6496d79a92ea9d33e89b
SHA1 hash: baae226fdb2a9739f118db781bdc74f2efc6a585

SHA256 hash: a8767b649a67e799469a73fcf093d79dcd3f4a7c187b45c11639f8e67e89d2a4
MD5 hash: 1c995704e0c0c3de5db167ea14339e7c
SHA1 hash: ae68a632ea3fb8066ae0111725faa5a42aa422fb
Detections: AgentTeslaXorStringsNet MSIL_SUSP_OBFUSC_XorStringsNet INDICATOR_EXE_Packed_GEN01

SHA256 hash: ef772b51158cf9b4d860f2a7c6d93e1735ebdb6e3730ff79f267a0926426799e
MD5 hash: c235f905517d24e5069e9709c29ededb
SHA1 hash: 1ff43f0253e0ef1177e47b7489c2229104156d31

SHA256 hash: a2e82dda8b0b0cc7831f28e2174a990d479819b3eae7c57e360ed9e11c4effe8
MD5 hash: 382635422daa0a2e8c5a035ce5eda491
SHA1 hash: 18d505bbdbffe0d9bd822e44a18cc0cdd40b3720

Malware family: AgentTesla.v4
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments