MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8fbf85d1eab97ed168f99eb07d13294594675a051c2056b5374630d81fd974d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8fbf85d1eab97ed168f99eb07d13294594675a051c2056b5374630d81fd974d
SHA3-384 hash: c36ebebcdb3f54e8224ba8fbbeae966993916b823cc369262049ebc5fa6fc185551f5311bbf315349add9b81f33bb666
SHA1 hash: 3345a62113167e92d7053cd320d0b125082efa19
MD5 hash: 9410dfc5ab722c9906bf14ab8da71722
humanhash: cold-nine-earth-violet
File name:b8fbf85d1eab97ed168f99eb07d13294594675a051c2056b5374630d81fd974d
Download: download sample
Signature AgentTesla
Create hunting rule
File size:415'744 bytes
First seen:2020-06-16 09:34:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 720f62ecaae027b5c3ec6686644322e9 (12 x njrat, 8 x RevengeRAT, 4 x AgentTesla)
ssdeep 12288:eaeVQkTrvj4rfgWlI9AMmyiPv7AS3Gk9QsLPQ:eHQkTf4rfgWli5i37D3Gke
Threatray 140 similar samples on MalwareBazaar
TLSH 4694D0176C90F173C876163355E58B2E062A3C3E7FF9A1C3AA5D3AA5EB322D051352C9
Reporter JAMESWT_WT
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10755/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 01:08:48 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0f88360504d8d31ba8c9313f9237e0e0e65cce7670291fd948db57a8a21eb5df
AgentTesla
349c6730ddc5b8a6969dadbda237829f6cf52f57101ecb03adbb4024df5da299
AgentTesla
43a0c2443d1a63d4cc498bae9d459590b37379d5dd57a625545fa484a99d3fb6
AgentTesla
46ea1705549840fd45e067930511c81a0b8979698f98e4b170b9a93b27a6ed0a
AgentTesla
5fa3c8bbf60b41b010f4a98e17fd0ee4630a6e365049279d72e4849374964101
AgentTesla
647fee1c3bc734439133bd78fe6519ad349501ac7a83e179601950f97fe96e1f
AgentTesla
a9e51c077a3cb18a4fbb72e9a01bdbbeac7f78da7eb0462a6c191f5956ae83a1
AgentTesla
bccc23b47532cc1b95e61602152160960a31ae993aa85bf4f8448d8ea41212dd
AgentTesla
d873f30f48805a3dbab8c976665c26fc9c661e23f3b82f143fdd7346268b595a
AgentTesla
fffef10b9e3db99c874f8b9dd3bb8bd7adaf829b75d4e6f28ebacd5755b633d7
AgentTesla
+ 130 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-lhnzxv1dp6/
Behaviour
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_blackremote_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10755/

Comments