MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae1030f0ff069ac50dea9f299186507db2223f47fc51d1952c92d4709ba56190. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	ae1030f0ff069ac50dea9f299186507db2223f47fc51d1952c92d4709ba56190
SHA3-384 hash:	60e2ec185a0c03879612ecb953fc5933e9190466e9cf0a5bba63a7031d53613d814cf5f98b9a514a66d545cf0446539a
SHA1 hash:	86fe0fb1a6abc609625eea728f370162817744b5
MD5 hash:	554937b17f28a664762b2d805123169b
humanhash:	table-johnny-alabama-stream
File name:	554937b17f28a664762b2d805123169b.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	712'192 bytes
First seen:	2020-11-07 09:37:41 UTC
Last seen:	2020-11-10 06:29:05 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	34ec234718f5f3a61f897452f4780c35 (2 x AgentTesla, 2 x Formbook, 2 x MassLogger)
ssdeep	12288:XHunKf2G1PA7UDl5gj/gtnouecR/3rJv74F+wkFwVgqVSc5feBK9PGEYqXIME9ke:ei2Gq7etnogRdvEk1RcoGGAYM0X6g1n
Threatray	105 similar samples on MalwareBazaar
TLSH	B0E412257541C073D4A32A3004B9D532DA3DFD315E601D1F63DA333AAFB63D29729AAA
Reporter	abuse_ch
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.KillProc2.13962.791.30403.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file in the %temp% subdirectories

Creating a file

Running batch commands

Launching a process

Using the Windows Management Instrumentation requests

Unauthorized injection to a system process

Enabling autorun by creating a file

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

MassLogger RAT

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/523701

Signature

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code references suspicious native API functions

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected MassLogger RAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ae1030f0ff069ac50dea9f299186507db2223f47fc51d1952c92d4709ba56190/

Threat name:

Win32.Trojan.MassLogger

Status:

Malicious

First seen:

2020-11-06 17:10:56 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 29 (86.21%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vyidb4h7a2nmkdpkt4uzdbsqpwzcep2h7ri5dfjmslkhbg5fmgia._file

Verdict:

unknown

AgentTesla

60d7a9feec05511bd20c144fd23ad438d80b673487ebe45d857906c054c82ca0

AgentTesla

74fe23fdb7b12b785e1e6db24dba0536deec51ddac1edbd53a0211b68672628b

AgentTesla

8524c16356ec2511b2623d04902d772836d3460de10f2dca77a8930a92703eae

AgentTesla

a6c456dcee9a9c53aeb0360bdb52a682137745ad9ec607fce1199e24cd348ee5

AgentTesla

af09dc4e1c03370d83596aa180b581541bea551c00e731dbb05229525389036e

AgentTesla

b79273545da050a53a38855e56afc06bce2cefe78fad1ccb36a8616b2950b1a0

AgentTesla

c0fb3989dccc0e8aa3c3b0e95a8b6cc3982c41c80930998efc1ac26613b0153e

AgentTesla

ca20e6d6fc14a5a1b07747c95d04fa6fa593fbeda1be5b0eb84495d60fc59e01

AgentTesla

d71e111e12643f8c35292b4b2f02f45935f76acba96d2f0d66f55bb752955644

AgentTesla

+ 95 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201107-58r9wpmfcn/

Unpacked files

SH256 hash:

ae1030f0ff069ac50dea9f299186507db2223f47fc51d1952c92d4709ba56190

MD5 hash:

554937b17f28a664762b2d805123169b

SHA1 hash:

86fe0fb1a6abc609625eea728f370162817744b5

Link:

https://www.unpac.me/results/d32ec500-1dfa-45f2-aa1f-073dc0c57a6a/

SH256 hash:

6dd1eac2a9acbab22d96c00403269f6144b9a13908a2845276e0365c1e90d144

MD5 hash:

87c4d24048ee1d40b52b029dca65520a

SHA1 hash:

d40002b80e37108b933caeb537fcf6f9cf9a430c

Detections:

win_masslogger_w0

Link:

https://www.unpac.me/results/d32ec500-1dfa-45f2-aa1f-073dc0c57a6a/

Parent samples :

ae1030f0ff069ac50dea9f299186507db2223f47fc51d1952c92d4709ba56190
a94b1b1f02dbaf0895a93de9df8603115501866ce76a147cb2e4330b0894b928
8b89f4df41360c5069599c46d83a596a10f664eda83a87ac764c75efd38861f9
75139a48d485f359d57726464104e7dd840bb1d26457d9780363d1360a83e12d

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

exe ae1030f0ff069ac50dea9f299186507db2223f47fc51d1952c92d4709ba56190

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/795557/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample