MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a93955691d6362b1ee938642800ed9397cdfd4152e1e2ea68c9cd0559f6aa575. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a93955691d6362b1ee938642800ed9397cdfd4152e1e2ea68c9cd0559f6aa575
SHA3-384 hash: 12f66c770f7e952c9453f87ec8bc594f9e558f5736d209a712fcdd1489cc29d9835b17579a5eb613861ab84da91f45ea
SHA1 hash: f417ac9c29d2406af1bca0d84d6abeb3931d473e
MD5 hash: f26ca9007fa91989545126ee0f24334a
humanhash: alabama-sweet-ten-pizza
File name:f26ca9007fa91989545126ee0f24334a.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:376'832 bytes
First seen:2020-06-01 08:06:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 6144:GySnZu+T9uV1TCl/O4SWcClhWDaHR8UIwPfj6ZylZNblKxG5yBujrtGs:GySZlTqOl/O4vcWWDax8mfj6ZOD+MyBG
Threatray 11'198 similar samples on MalwareBazaar
TLSH 2C8412487BAC852FC14C89FCA489804457F7E53922A1F7C8DCA126FA96EFBD0CE11957
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
AgentTesla SMTP exfil server:
smtp.bapipl.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 13:41:05 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ve4vk2i5mnrld3utqzbiadwzhf6n7vavfypc5jumttiflh3kuv2q._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0f3fe234c700b316a460c05098c843efbb0965b672d0e7a6f58028669c37ccb9
AgentTesla
26c5098fbb4be4871383a901013288d16a6a2aad7d0952c28fd888e080aea394
AgentTesla
2f4964e14972eafa98f1fc8ad81f8dc2eeb45a00ef420cf59db34faba1592ac4
AgentTesla
407a92dc3261682d19c7e6431b78c67470a498079f261d3c729d2e89b689b573
AgentTesla
7e68b29fadf839d238225f50e5e5db677690a7cf968ab59484571bb6002a1311
AgentTesla
94538948c885f55d6120782322773ad9a34d7c9c318938c850ac6d55bdd3ad52
AgentTesla
99e3fe0d987e5351288ec41b56373bcf5a7094ea41af08b998e801a6ec1ed092
AgentTesla
9fb5e1d1b16b1a20d4994176d4579a90dd2e0a87b0bb6cac123e9894278f61ee
AgentTesla
a3f8c63b9925504706f889dc1bc944a5485144007b80b042cf53accda4f650c1
AgentTesla
aad10ae8b03a3f2997e124184b6256b88c69a61bfdd905b06ffa90204efeeaad
AgentTesla
+ 11'188 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201109-fqm8n5z2fe/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_w1
Create hunting rule
Author:govcert_ch
Description:Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments