MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba5cb8c80d289a15e47f3d55d4a26cbad451b9f6be8a26fc00ee4d379c037347. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba5cb8c80d289a15e47f3d55d4a26cbad451b9f6be8a26fc00ee4d379c037347
SHA3-384 hash: 547946ac98d8e198d67a02535c3cb75170fd87e80225ebb43f8255f11090c09bb2787cfe8c90e40bbfba4445b1b0eacc
SHA1 hash: 92e12f2b986cf4074510a1ade83b918914e41aed
MD5 hash: a16782a5ea9ab3ad0e71e61db261f550
humanhash: eighteen-georgia-ceiling-enemy
File name:SecuriteInfo.com.BackDoor.SpyBotNET.25.13971.6968
Download: download sample
Signature AgentTesla
Create hunting rule
File size:218'624 bytes
First seen:2020-09-17 09:03:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 3072:b2Q1Vl71WDyUAYWeFpVxXCzqNPx+tAthI134r4r0E1rYYQEa13swoErq:bVlo+UPWeLbP0tAXh4r0EF/als
Threatray 50 similar samples on MalwareBazaar
TLSH D8242956178CAE20CB7E0278C057821837F19633876F928F6AA2D8FE1B456CDFD1A5D1
Reporter SecuriteInfoCom
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.25.13971.6968.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Using the Windows Management Instrumentation requests
Setting a keyboard event handler
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/468895
Signature
Antivirus / Scanner detection for submitted sample
Installs a global keyboard hook
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ba5cb8c80d289a15e47f3d55d4a26cbad451b9f6be8a26fc00ee4d379c037347/
Threat name:
ByteCode-MSIL.Infostealer.DarkStealer
Create hunting rule
Status:
Malicious
First seen:
2020-09-16 06:37:00 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xjolrsanfcnblzd7hvk5jitmxlkfdopwx2fcn7aa5zgtphadondq._file
Verdict:
unknown
Similar samples:
2434b60331e372fc347f46ac1ede21a078fc11ddea75c52679ab4c49cd3c12c7
AgentTesla
277848fe676c925becc15a494855ccbc42ee8e2e88cf61144d7de703c82250a0
AgentTesla
37a4202e64f88ef928f46cdb05653527a1201aaffd431022eececff19348515b
AgentTesla
3a8afa181b83a479c7c476791061dd4a7df56a59e21bcb72f0c8a32d76b66d5b
AgentTesla
4d6a4c556af5a4e4a05ca5aadb976af1f792bb509cd17cf26aa2ca3081317e3c
AgentTesla
4eae92b89bf82739fa92cedba39f0203f312aca7a50c393c7e90d191a4acf01a
AgentTesla
954bbd9e612117e2fa3f8c71e72ca98461f7ec20fc028d9910f8629cd170ec2b
AgentTesla
a1164f44afc2ceee90a833e950f23a3bb69c4557331cadb35e4f95bf335f1b27
AgentTesla
b98ed6a71c93bc3722112643bea2bbe8767e016d807e0463266ee2fd47ad9e80
AgentTesla
c18d20986c78642ced7ac827d0436033e931d6bfad38b70ab4473cea1da792a2
AgentTesla
+ 40 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware
Link:
https://tria.ge/reports/200917-a7myt5r38a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Looks up external IP address via web service
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ba5cb8c80d289a15e47f3d55d4a26cbad451b9f6be8a26fc00ee4d379c037347

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe ba5cb8c80d289a15e47f3d55d4a26cbad451b9f6be8a26fc00ee4d379c037347

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/62791/
  
URLhaus
https://urlhaus.abuse.ch/url/541937/
  
Delivery method
Distributed via web download

Comments