MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd343b1b5db4f37db72ebf4abba33431c9e28fbb845e847ee1184270c8807204. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: bd343b1b5db4f37db72ebf4abba33431c9e28fbb845e847ee1184270c8807204
SHA3-384 hash: 2afd9213623b7be25ed7428d8dae04677b5d0befc643f912268d105aac9235d071038ebc65848fde3eeb2c9f4c94c230
SHA1 hash: 0d3ae0c6bb21a84134c098c4a2cf9c1c86458fb4
MD5 hash: d670492786ca1428578da90874729422
humanhash: solar-kilo-enemy-william
File name: bd343b1b5db4f37db72ebf4abba33431c9e28fbb845e847ee1184270c8807204
Signature: AgentTesla
File size: 592'896 bytes
First seen: 2020-06-17 09:18:49 UTC
Last seen: 2020-06-17 09:42:13 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 6144:AFVaOR6QYAhNSO+k35f00R0T7rQcIjsuE+4cLwdV4cItDBMPy+pt7SjVd7V:sIQYAf0k35M90cIScgV4LtcySujz7V
Threatray: 256 similar samples on MalwareBazaar
TLSH: E6C4D3386CE1213385BBD2B6E5F5198BF9AD387B35159C4F49D7038509A2B92ADC2C3C
Reporter: JAMESWT_WT
Tags: AgentTesla

Intelligence

File Origin
# of uploads: 2
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.QuasarRAT
Status: Malicious
First seen: 2020-06-17 01:23:14 UTC
File Type: PE (.Net Exe)
Extracted files: 1
AV detection: 19 of 27 (70.37%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments