MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b711fc441777905b534050ba32f04836a1a791dc4cfbf850b1ee7faecd6a82da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b711fc441777905b534050ba32f04836a1a791dc4cfbf850b1ee7faecd6a82da
SHA3-384 hash:	e101483147cf760e66fc25839161d5b9679cac01f1417bb714e8d5e4925b2617ae8f4194c7bbc0932db7f9d3596e23b6
SHA1 hash:	a7b38f256a423a19501af28081d7c20a8fa681fc
MD5 hash:	f873ce13893b0038a9955181871dae15
humanhash:	quebec-finch-glucose-kilo
File name:	f873ce13893b0038a9955181871dae15.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	734'208 bytes
First seen:	2020-11-04 06:43:58 UTC
Last seen:	2020-11-04 09:16:38 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep	6144:Ub4/07gcc6/iWe+fq+kyzKtpOqD1K8npLmPUahOZRnh0Fa/MQ225YCgFf+2aNuRz:g40a/BCnDQLuF0kTFFSXnKF
Threatray	1'001 similar samples on MalwareBazaar
TLSH	23F4B6F440EF10A2F15F442566ADBEA402F2B287DBDA5E08437DE2711FAEB523B0564D
Reporter	abuse_ch
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

113

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/82197/

Detection(s):

SecuriteInfo.com.BehavesLike.Win32.Generic.bt.17141.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/519862

Signature

Found malware configuration

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected AgentTesla

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b711fc441777905b534050ba32f04836a1a791dc4cfbf850b1ee7faecd6a82da/

Threat name:

ByteCode-MSIL.Infostealer.Tepfer

Status:

Malicious

First seen:

2020-11-04 00:21:37 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=w4i7yraxo6ifwu2akc5df4cig2q2peo4jt57qufr5z725tlkqlna._file

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

1f68682f037b5964da035112cfcaac453d8a51ce7912128937e10f843de8dbac

2224faed60a821d88e78b3cdbf91fef22a0e8c7e22e6cdacb9e0242e248c28f6

2358ed95f04bcb2b05cacf8168d2da545c095b2da8163525102824c668d3e643

28823e2dd26833e6b8c4b3e1988dcf44ae38794c20c9ce8adaaf60106652ddf9

2d5c8fa975518fd2ce9dbe0ea412b4b2e20f56706bfac1bb58cb527d6b60af14

6335bf8bea22d1fb835baecc4ef570947b55473c936cd1ae5bd689d6746936f9

81a408670b2a419c4383f47f1bdc1bf040e8070e8f4eaa734173478a6ee2347c

93e446bad2646dd1b68653f37e104dc7cd086f948e9b374c5cd97a158d93bca0

9e2415c2fe10d7f399ac6d36ac217975316345924c3ea9a2a16a7527724e282f

bf993f6195527053ecdbb6c83a6ddd94528d867b26e04cdebbbcb6f3bfd813c8

+ 991 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201104-matksvzqdn/

Unpacked files

SH256 hash:

b711fc441777905b534050ba32f04836a1a791dc4cfbf850b1ee7faecd6a82da

MD5 hash:

f873ce13893b0038a9955181871dae15

SHA1 hash:

a7b38f256a423a19501af28081d7c20a8fa681fc

Link:

https://www.unpac.me/results/4064161e-f46b-4542-aec2-83db9fb36d47/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe b711fc441777905b534050ba32f04836a1a791dc4cfbf850b1ee7faecd6a82da

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/82197/

URLhaus

https://urlhaus.abuse.ch/url/780172/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample