MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd7bc6f7691334319750e484ab95397c67b973ec0c0efd25c1227c4328630b28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 5


SHA256 hash: bd7bc6f7691334319750e484ab95397c67b973ec0c0efd25c1227c4328630b28
SHA3-384 hash: c6b3206234eca84e450994f91551d620f7fdde829565c56fbde51cd0a38691d909153301b1d7921501af8d0683746757
SHA1 hash: 974eff859ba289b9a542d2f24f644fb466d7aeac
MD5 hash: 4d672f81633784d2332e686cc0adb06a
humanhash: mexico-tennis-nine-purple
File name: 3036545e2b26e69c60fe129cc51f6942
Signature: AgentTesla
File size: 481'300 bytes
First seen: 2020-11-17 11:53:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8e03986f43da04ce7cea18a70d05172a (5 x AgentTesla)
ssdeep: 12288:xJClAr/291E7Bb/tte5aq0zM/eWxWVHck:8Ar/E1WBGaq0AmWJk
Threatray: 1'326 similar samples on MalwareBazaar
TLSH: D6A4022534D1C873E073043544A893E29938B9352E76E997F794735E9E7C0E08AAEE73
Reporter: seifreed
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
- Sending a UDP request
- Creating a file in the %temp% subdirectories
- Creating a file
- Running batch commands
- Launching a process
- Creating a window
- Unauthorized injection to a system process
- Enabling autorun by creating a file
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-11-17 11:56:54 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: bd7bc6f7691334319750e484ab95397c67b973ec0c0efd25c1227c4328630b28
MD5 hash: 4d672f81633784d2332e686cc0adb06a
SHA1 hash: 974eff859ba289b9a542d2f24f644fb466d7aeac
SHA256 hash: 17ba2a38eface50bc5a5b8e418fd83bd3b6ece376e776ad5fd0ca632166e22ed
MD5 hash: c3f78a98f5f5f8658b3fb33fcb467aa6
SHA1 hash: 6c4139d5e5c32f41f6eee073db3a0cd7875137b6
Please note that we are no longer able to provide a coverage score for VirusTotal.
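Before doing anything with a sample downloaded from this entry, confirm that the bytes on disk are the catalogued file: a wrong download, a truncated transfer or a re-packed variant will fail at least one of the listed digests. The script below is an added example (not MalwareBazaar's own code) that computes all four digests listed in the file information table, checks that the data carries a PE header as the "Executable exe" file type implies, and filters the "Unpacked files" list so that the parent (whose hashes are repeated as the first unpacked entry) is not ingested twice alongside the real child 17ba2a38... The hash values are copied from this page; the file bytes used for the demonstration are a constructed minimal PE header, not the real sample.

```python
"""Verify a file against the digests a MalwareBazaar entry lists, and separate the
entry's own hashes from those of its unpacked children.

Added example, not MalwareBazaar's code. Standard library only.
"""
import hashlib

# Digests copied from the MalwareBazaar entry above.
ENTRY_HASHES = {
    "sha256": "bd7bc6f7691334319750e484ab95397c67b973ec0c0efd25c1227c4328630b28",
    "sha3_384": "c6b3206234eca84e450994f91551d620f7fdde829565c56fbde51cd0a38691d909153301b1d7921501af8d0683746757",
    "sha1": "974eff859ba289b9a542d2f24f644fb466d7aeac",
    "md5": "4d672f81633784d2332e686cc0adb06a",
}

# "Unpacked files" exactly as listed on the entry; the first item is the sample itself.
UNPACKED_FILES = [
    {"sha256": "bd7bc6f7691334319750e484ab95397c67b973ec0c0efd25c1227c4328630b28",
     "md5": "4d672f81633784d2332e686cc0adb06a",
     "sha1": "974eff859ba289b9a542d2f24f644fb466d7aeac"},
    {"sha256": "17ba2a38eface50bc5a5b8e418fd83bd3b6ece376e776ad5fd0ca632166e22ed",
     "md5": "c3f78a98f5f5f8658b3fb33fcb467aa6",
     "sha1": "6c4139d5e5c32f41f6eee073db3a0cd7875137b6"},
]

HASH_ALGOS = ("md5", "sha1", "sha256", "sha3_384")


def hashes_of(data: bytes) -> dict:
    """Compute every digest the entry lists (lowercase hex) in one pass over the data."""
    hashers = {name: getattr(hashlib, name)() for name in HASH_ALGOS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_pe(data: bytes) -> bool:
    """Cheap structural check: an MZ DOS header whose e_lfanew field (offset 0x3C)
    points at the 'PE\\0\\0' signature. Catches HTML error pages and truncated files."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def verify_sample(data: bytes, expected: dict) -> dict:
    """Compare the file's digests with the entry's. Every listed algorithm must match;
    a single mismatch means the bytes are not the catalogued sample."""
    actual = hashes_of(data)
    mismatched = sorted(a for a in expected if expected[a].lower() != actual[a])
    return {
        "all_match": not mismatched,
        "mismatched": mismatched,
        "looks_like_pe": is_pe(data),
        "size": len(data),
    }


def unpacked_children(entry_sha256: str, unpacked: list) -> list:
    """Keep only unpacked files that differ from the parent, so the parent's hashes
    are not counted twice when the IOCs are pushed to a blocklist."""
    return [u for u in unpacked if u["sha256"].lower() != entry_sha256.lower()]


def build_fake_pe() -> bytes:
    """Constructed stand-in for a downloaded file (NOT the real sample): a minimal
    MZ header with e_lfanew = 0x40 followed by a PE signature and padding."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 16


if __name__ == "__main__":
    # Replace build_fake_pe() with open(path, "rb").read() on a real download.
    sample = build_fake_pe()
    print(verify_sample(sample, ENTRY_HASHES))       # all four digests mismatch
    print(verify_sample(sample, hashes_of(sample)))  # a file matches its own digests
    print([c["sha256"] for c in unpacked_children(ENTRY_HASHES["sha256"], UNPACKED_FILES)])
```

The SHA3-384 digest is worth checking alongside the usual three: MD5 and SHA1 collisions are practical for an attacker who controls both files, while SHA256 and SHA3-384 are not, so agreement on all four ties the bytes to this entry far more tightly than an MD5 lookup alone.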

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE

Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments