MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4665c47727853925a5ff495455513d4f84a9bfd567d92ff28f428bd2c0db405. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4665c47727853925a5ff495455513d4f84a9bfd567d92ff28f428bd2c0db405
SHA3-384 hash: d53e4230a943263bd77ae718f54e0f3a19d86821ec314f1cdbc94a301dc773ad503cbe151b901e4192c916ed2a2e87b1
SHA1 hash: 027efce74678ce8eebe0b3fd2551f969769218eb
MD5 hash: 6368f5e519a336d17666c558ddbdbf00
humanhash: alanine-princess-montana-tango
File name:LC NO-0042002210001102.bat
Download: download sample
Signature AgentTesla
Create hunting rule
File size:474 bytes
First seen:2022-11-26 08:35:38 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/x-msdos-batch
ssdeep 12:YtsLui269RGE2vjWOkTgfxDJS25b5B7qjz595Zq:YtsLuib9R6LWOkQjz50FDZq
Threatray 20'119 similar samples on MalwareBazaar
TLSH T180F0AB036BDC45E18B1F6D01F4C7E1F72A961CF83EE0137C298D6EA01BD83059848AC6
Reporter 0xToxin
Tags:AgentTesla bat

Intelligence

File Origin
# of uploads :
1
# of downloads :
173
Origin country :
IL IL
Vendor Threat Intelligence
Malware family:
agenttesla
Create hunting rule
ID:
1
File name:
LC NO-0042002210001102.bat
Verdict:
Malicious activity
Analysis date:
2022-11-26 08:36:08 UTC
Tags:
trojan loader agenttesla
Link:
https://app.any.run/tasks/81061b4f-9bdf-4c6f-8115-b0f2e7f27cad

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/338721/
Detection(s):
SecuriteInfo.com.Heur.BZC.PZQ.Boxter.791.308A2691.7801.21750.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cmd cmd.exe packed powershell
Link:
https://www.filescan.io/uploads/6381cff424da1c12cfe1bc03/reports/b49fead6-0d97-4f95-b796-6d4e7e6b8382/overview
Result
Verdict:
MALICIOUS
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1121531
Signature
.NET source code contains very large array initializations
Antivirus detection for URL or domain
Downloads files with wrong headers with respect to MIME Content-Type
Injects a PE file into a foreign processes
Installs a global keyboard hook
Malicious sample detected (through community Yara rule)
PowerShell case anomaly found
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Download and Execute IEX
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b4665c47727853925a5ff495455513d4f84a9bfd567d92ff28f428bd2c0db405/
Threat name:
Script-BAT.Trojan.Boxter
Create hunting rule
Status:
Malicious
First seen:
2022-11-25 09:17:59 UTC
File Type:
Text (Batch)
AV detection:
6 of 40 (15.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wrtfyr3spbjzews76skukvit2t4evg75kz6zf7zi6qul2lanwqcq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
106e360fa4467673bc46d467e7436c9cdee3d638cd14db8f5c8aff07fec90ebe
AgentTesla
1cb43bce49d7a44e1002c1f05659947a5cf9be256d585179af424a495d0716f7
AgentTesla
61d404fca3e77c9da77c817cf0e35541e15ea11350f6068d22e33a03a28a5e35
AgentTesla
68560ba1282ff5825be68c2a7c9aef2fa6a643a42fbe1947572fa5a1d0281425
AgentTesla
b396f3f9fa5b3acac6ddbd6699ceeff35c671c1d0d595a69b187c2a107cd31eb
AgentTesla
beeb242bb1a4ffa7cc706ac482236afb457d52ffdb0defcde160528b858c6b03
AgentTesla
fb0911990564af7079182bb5d5b798145056413d295927ac4c53cd1abc4512dc
AgentTesla
+ 20'109 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/221126-khk2vsfa27/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Downloads MZ/PE file
Malware Config
Dropper Extraction:
http://codesparrow.net/Done.Ps1
Malware family:
AgentTesla.v3
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b4665c477278/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b4665c47727853925a5ff495455513d4f84a9bfd567d92ff28f428bd2c0db405

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/338721/

Comments