MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b993421e49aafc2f381919313d92dd6f89ac99d67b5e650734abd5d3499eff5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 12


Intelligence 12 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b993421e49aafc2f381919313d92dd6f89ac99d67b5e650734abd5d3499eff5f
SHA3-384 hash: 2000b9bb2852c48f74b8d3039d6aadc7a99859d158df4711b2627ea8d142e0a11bf94cfbe30dfde44bc275491b391fb7
SHA1 hash: c4d7f4a0a59b36d0c04b77295e969dba01a44274
MD5 hash: 2aeca0807a7b0a58fbce2f371f6267c7
humanhash: fish-berlin-crazy-video
File name:SecuriteInfo.com.Variant.Tedy.139425.27755.1437
Download: download sample
Signature AgentTesla
Create hunting rule
File size:770'048 bytes
First seen:2022-07-20 17:37:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:olG6JnPQc4b631h/aWgWTFMPz8dVb0TXj81eDKaL1yfgw:5DC/lhML8XYzjRD91Jw
Threatray 18'232 similar samples on MalwareBazaar
TLSH T124F4C018B627CD13C27C17BAC0C2558483B1850A916ED78B7EDB22D21B42BEADDCD797
TrID 69.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
9.9% (.EXE) Win64 Executable (generic) (10523/12/4)
6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
4.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon b271c0cccccc61b2 (16 x AgentTesla, 8 x Loki, 8 x SnakeKeylogger)
Reporter SecuriteInfoCom
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
413
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/292968/
Detection(s):
SecuriteInfo.com.Variant.Tedy.139425.27755.1437.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Launching a process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62d83dd9b1b58ed7a174cdac/reports/89374256-33e5-4701-9ff2-d1d9f4ee8ea6/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1037788
Behaviour
Behavior Graph:
n/a
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/b993421e49aafc2f381919313d92dd6f89ac99d67b5e650734abd5d3499eff5f/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-07-20 17:39:09 UTC
File Type:
PE (.Net Exe)
Extracted files:
31
AV detection:
14 of 39 (35.90%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xgjuehsjvl6c6oazdeyt3ew5n6e2zgowpnpgkbzuvpk5gsm675pq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
19b17f5fee196217056fa20ab9d4a7e0b4969bcdcfc85984885cffd7bc9d9937
AgentTesla
1e358cdd08320d9b811ec7772ac2d2e3eb2a4c2d61da189a3a6aaa0cff000c97
AgentTesla
298d64aaa9ba0cc007edb65c7e41e294df4726080ea3a27504bdde0a7bbe2e10
AgentTesla
4d85861ce1936ba348b41198217472ce8a5db4f0415ba15a1a6e2cc05ac120ef
AgentTesla
5f353c1c8c8b5b2b013aa514d1423a43506a6624c54398f96245f4684b0944a1
AgentTesla
7d1ce895b378ac882afa295257d1be99a16c8f9ad36bdfc7940419c1d7fa8348
AgentTesla
85f2e664b113cdbd49156057515ddedc60ba32235e49257b44854a7be52eb77e
AgentTesla
fa74f2f2fde3b73f53ee495fdfe25b5fb3866f240e933e9a5dfad695c8d9f962
AgentTesla
+ 18'222 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220720-v7rk2sdehq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla payload
AgentTesla
Unpacked files
SH256 hash:
fb2d2730c657872f2d7b17e3f43513f0b67eab8710efb85f54cb050ea3a37314
MD5 hash:
d69dd92ddd7ae1ddb2a2714044b14718
SHA1 hash:
f92cda5c46b4d1a7e920777eebed3f747279c6b3
Link:
https://www.unpac.me/results/19c61632-6f83-41e0-945f-e9a44e14f897/
SH256 hash:
39c2d879c57f07305ce60412dc8a88f02e51f1a14a06cc605768d1d7f5313807
MD5 hash:
db51fe170a9e5d6ec5429a2fbd9d0353
SHA1 hash:
e30a58125fc41322db6cf2ccb6a6d414ed379016
Link:
https://www.unpac.me/results/19c61632-6f83-41e0-945f-e9a44e14f897/
SH256 hash:
4b70f7574743324982ce8d918fe68358b80b563d1e7de82ae6db080ce82a1b1c
MD5 hash:
3a8fff6380ce2c58eea46e6efa8b332b
SHA1 hash:
a5b3f0e8b6bf0b61bac188b4f0b0e84df0c6c65f
Link:
https://www.unpac.me/results/19c61632-6f83-41e0-945f-e9a44e14f897/
SH256 hash:
ca4e3745f87ae419e10fa9dd15e9814f66a7dca601ae70bd3ae3b0b0781e9491
MD5 hash:
6491ab64072f34a6124f4cdf1d9bdd43
SHA1 hash:
78008e0c188d1732ebb5bbfe6d15892ebe32b1f7
Link:
https://www.unpac.me/results/19c61632-6f83-41e0-945f-e9a44e14f897/
SH256 hash:
298d64aaa9ba0cc007edb65c7e41e294df4726080ea3a27504bdde0a7bbe2e10
MD5 hash:
990c66eb97768536e12066be9e23d65f
SHA1 hash:
13f239a39981a0fa80f055a3c54b7ca81e7ea8b8
Link:
https://www.unpac.me/results/19c61632-6f83-41e0-945f-e9a44e14f897/
SH256 hash:
b993421e49aafc2f381919313d92dd6f89ac99d67b5e650734abd5d3499eff5f
MD5 hash:
2aeca0807a7b0a58fbce2f371f6267c7
SHA1 hash:
c4d7f4a0a59b36d0c04b77295e969dba01a44274
Link:
https://www.unpac.me/results/19c61632-6f83-41e0-945f-e9a44e14f897/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b993421e49aafc2f381919313d92dd6f89ac99d67b5e650734abd5d3499eff5f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/292968/

Comments