MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8484d4b644528dca4b09691169ac66e7668a7a79c1c0e5f4ebcbd521c3d2d57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 16

Intelligence 16 IOCs YARA File information Comments

SHA256 hash:	a8484d4b644528dca4b09691169ac66e7668a7a79c1c0e5f4ebcbd521c3d2d57
SHA3-384 hash:	c6c3484e4ce40ae45e42d6b2a9f7373814a16488b4c2d3096448703af3daec4e766db071f1e43e4022c601293796bd10
SHA1 hash:	ed02e7fdd9398feb5f57634cfb17693b9689fb90
MD5 hash:	3cfc34d45436c97ea49a504adaec1bcb
humanhash:	diet-earth-south-fish
File name:	3cfc34d45436c97ea49a504adaec1bcb.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	664'576 bytes
First seen:	2023-12-22 06:56:00 UTC
Last seen:	2023-12-22 08:19:12 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:jKrmomWOHS95p7qF5rslbQuK5Fvxs1IMb4m8aJNhevxa1onvt6L5Mme:Ob/BvpQ5rslU3WPsm8JEonFGMB
Threatray	4'180 similar samples on MalwareBazaar
TLSH	T145E41268B3699503CC7F07FA00A152449BB670B76516E7CA8DC2389A0EF5F2DD610B7B
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10523/12/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4505/5/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):
dhash icon	0060796969697000 (8 x AgentTesla, 6 x Formbook)
Reporter	abuse_ch
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

273

Origin country :

Vendor Threat Intelligence

Detection:

AgentTesla

Link:

https://www.capesandbox.com/analysis/468930/

Detection(s):

Porcupine.Malware.58887.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/6585330e6b1c246046010e6c/reports/8ad7cef2-f783-4cb2-a965-2a522fdb69fc/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/a8484d4b644528dca4b09691169ac66e7668a7a79c1c0e5f4ebcbd521c3d2d57

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Agent Tesla

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/10529f9c-4ef5-4a3e-9b49-c612e2c82915

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1365988

Signature

.NET source code contains potential unpacker

.NET source code contains very large array initializations

Antivirus / Scanner detection for submitted sample

Contains functionality to log keystrokes (.Net Source)

Found malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Yara detected AgentTesla

Yara detected AntiVM3

Yara detected Generic Downloader

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/a8484d4b644528dca4b09691169ac66e7668a7a79c1c0e5f4ebcbd521c3d2d57

Detection:

agenttesla

Link:

https://mwdb.cert.pl/sample/a8484d4b644528dca4b09691169ac66e7668a7a79c1c0e5f4ebcbd521c3d2d57/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-12-22 06:50:53 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

17 of 23 (73.91%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vbee2s3eiuunzjfqs2irngwgnz3grj5htqoa4x2oxs6vehb5fvlq._file

Verdict:

malicious

Label(s):

agenttesla_v4

agenttesla

AgentTesla

9704e443a68009427028c22fdb39eb3e28a32709d42358b1df4c95d16a4112fe

AgentTesla

9a1138a162bb083659fe3716b97ed51486af388c69929decf4db49577c826bd2

AgentTesla

e49df0f66eb42b10494df1c1c8518fe9ab49b30df38b148c2158149d52a11b91

AgentTesla

+ 4'170 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger spyware stealer trojan

Link:

https://tria.ge/reports/231222-hqcpcadbg2/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla

Unpacked files

SH256 hash:

bb265a8187cc1151c765128f6b8340c01b6283e29a3bbc8a3086a6c0a822c604

MD5 hash:

cb694dfef9a731230d1534e865e8f9b1

SHA1 hash:

defec996a4dc314488b016d7727f6c22ef4917fd

Link:

https://www.unpac.me/results/4f2f5e6c-19a5-4925-8bae-62bfa4e3450d/

SH256 hash:

d9332d905635c6acc256b2b8e490becf03eac90400120dd333745a48a747ff1a

MD5 hash:

ffe13edbc049ce7b6ef7a3673928633c

SHA1 hash:

9c265068b32533f1c5dffd6792605093f95a227b

Detections:

AgentTesla

win_agent_tesla_g2

INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients

Agenttesla_type2

INDICATOR_SUSPICIOUS_Binary_References_Browsers

INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID

INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

INDICATOR_EXE_Packed_GEN01

INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

Link:

https://www.unpac.me/results/4f2f5e6c-19a5-4925-8bae-62bfa4e3450d/

Parent samples :

5dbac89a6802a5144699a6e8a4ba1b2016857f03b0e01b6680af7f223f34f22c
9a1138a162bb083659fe3716b97ed51486af388c69929decf4db49577c826bd2
a8484d4b644528dca4b09691169ac66e7668a7a79c1c0e5f4ebcbd521c3d2d57
8cd42ca679618100850eafd118304c86114cf6de94df75014c4eee3d1905c74d
088912f521813fcc47c7ed2c36f4977e049a359606909dabb46422fa78d05f2c

SH256 hash:

24393a0a887ba64bc587f5f5f00029af3e35233925d67627e9b848bfd031c042

MD5 hash:

d5e438d07e6eec9c02b39dae15062852

SHA1 hash:

506247ee2120ce6f47eb7bf5749ed550226ac2e4

Link:

https://www.unpac.me/results/4f2f5e6c-19a5-4925-8bae-62bfa4e3450d/

SH256 hash:

311f5dbaf31ed25df38365d5a7c6e937a73b204f10ce58b912348ea3fa6a5bec

MD5 hash:

c201fb67e02eea5316034f91495aefee

SHA1 hash:

1e38d083579d2cbd96487aa686012d3e199c509e

Link:

https://www.unpac.me/results/4f2f5e6c-19a5-4925-8bae-62bfa4e3450d/

SH256 hash:

a8484d4b644528dca4b09691169ac66e7668a7a79c1c0e5f4ebcbd521c3d2d57

MD5 hash:

3cfc34d45436c97ea49a504adaec1bcb

SHA1 hash:

ed02e7fdd9398feb5f57634cfb17693b9689fb90

Link:

https://www.unpac.me/results/4f2f5e6c-19a5-4925-8bae-62bfa4e3450d/

Malware family:

AgentTesla

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/a8484d4b6445/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a8484d4b644528dca4b09691169ac66e7668a7a79c1c0e5f4ebcbd521c3d2d57

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

exe a8484d4b644528dca4b09691169ac66e7668a7a79c1c0e5f4ebcbd521c3d2d57

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2739476/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/468930/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample