MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be2763ce4e6c5c6a228efc795006966af947a33bb7992121d9f139f161f7ab15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be2763ce4e6c5c6a228efc795006966af947a33bb7992121d9f139f161f7ab15
SHA3-384 hash: e522894a8fd74f13234afcbe0a87869b11fabf188f9866def80912efbfa0c4f4dec8348d398dd3d8e2ba2d733b44d0f6
SHA1 hash: 6719018e9344823c9962b04a75afe7d0be779df0
MD5 hash: 5c66720dc80a18f0fc5b525d48efd118
humanhash: cardinal-march-arizona-six
File name:SecuriteInfo.com.BackDoor.SpyBotNET.25.104.14476
Download: download sample
Signature AgentTesla
Create hunting rule
File size:220'160 bytes
First seen:2020-09-29 00:38:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'647 x AgentTesla, 19'451 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 6144:irI8Hd8U5MVMjdOH+OAp9Uq441DW8jcDW:bkLGMjdOH+j
Threatray 206 similar samples on MalwareBazaar
TLSH C2240756178CAD21CF7E0178C057821837F19633876682CF6AA2D8FD1B876C9FE1A5D1
Reporter SecuriteInfoCom
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/66578/
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.25.104.14476.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Using the Windows Management Instrumentation requests
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/476986
Signature
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/be2763ce4e6c5c6a228efc795006966af947a33bb7992121d9f139f161f7ab15/
Threat name:
ByteCode-MSIL.Infostealer.DarkStealer
Create hunting rule
Status:
Malicious
First seen:
2020-09-23 15:01:13 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xytwhtsonroguiuo7r4vabuwnl4upiz3w6mscioz6e47cypxvmkq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
254e6d691fc7292fba06fc4f127d509743961835b12079ccc5a96f53ffee1648
AgentTesla
b3332f865f362bd89aaa305a8b8ec5d3e5b6ddae9e704b70a2d36723550415b0
AgentTesla
b646b8f4e9a67cab72124eaa7db809117f7d887e27e2eaafffacdc2703668cda
AgentTesla
b90e648ea2d913c493765798db8d443a355bcba18f973c5957e5f959ad794a60
AgentTesla
c6a9e6b49e72daeffbffe9c46f56b5147d1885ff0b2c202558d794c258b71818
AgentTesla
c95b9b5cf40c96d46c8a6443c458575ccb0cff8e0f750a3e9506c62a155bcfb0
AgentTesla
d3345db33851543b968f728d2a342c49dc72b0dc633da851518d8585e53af3ce
AgentTesla
dd10a839cf519c1f245ba3c21cdac6b9d8d7d863b4f0336be99b4da9e0254808
AgentTesla
fb8be54633a272604b64a7b5a79b6d123b30d1763d2235e9d81a960b858328e4
AgentTesla
fb9170b75704e2202310a4ea95652f93cfcc6d4c4700055156ebb8e5532c4a9b
AgentTesla
+ 196 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
spyware keylogger trojan stealer family:agenttesla
Link:
https://tria.ge/reports/200929-anjn4l7m4s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SH256 hash:
be2763ce4e6c5c6a228efc795006966af947a33bb7992121d9f139f161f7ab15
MD5 hash:
5c66720dc80a18f0fc5b525d48efd118
SHA1 hash:
6719018e9344823c9962b04a75afe7d0be779df0
Link:
https://www.unpac.me/results/0765a4bc-1c8a-4dc2-a3cc-b3ebaefdbb1f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/be2763ce4e6c5c6a228efc795006966af947a33bb7992121d9f139f161f7ab15

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe be2763ce4e6c5c6a228efc795006966af947a33bb7992121d9f139f161f7ab15

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/66578/
  
URLhaus
https://urlhaus.abuse.ch/url/619203/
  
Delivery method
Distributed via web download

Comments