MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf2efbd13ace8761d0ff1d9e0952bbacb4c403a0e91d76d0b2cd65b838b4c0a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: bf2efbd13ace8761d0ff1d9e0952bbacb4c403a0e91d76d0b2cd65b838b4c0a6
SHA3-384 hash: 681a61f440e9508d708b303401703fee5d3cea66158fd8e24d0d4ee88ae1606293f1609868f69b77b968ef36bffa6e4e
SHA1 hash: d2b2936ff183a895ce82ed5d75ea0fdac3c7591e
MD5 hash: b72e426691c8562cab3551f77964a8ff
humanhash: oven-timing-maine-fix
File name: SecuriteInfo.com.Trojan.PWS.Siggen2.51343.32236.12600
Signature: AgentTesla
File size: 353'792 bytes
First seen: 2020-08-01 19:33:18 UTC
Last seen: 2020-08-02 07:32:36 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:AUa8McQk6lqDkDKtQQn7wcjlXLMJss9guixM3dG57k:AUasQkkqDkDKmQB5RuixM3dQ
TLSH: 5E74077711A190B6C1892334E4720F0B3B7CD2241691F29DB14EA2EADD1E39D9EF9379
Reporter: @SecuriteInfoCom
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 2
# of downloads: 22
Origin country: US

Mail intelligence
No data

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a file in the %temp% subdirectories
DNS request
Using the Windows Management Instrumentation requests
Sending a UDP request
Creating a window
Reading critical registry keys
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source
Stealing user critical data

Result
Threat name: Unknown
Detection: malicious
Classification: spyw.evad
Score: 56 / 100
Signature:
Binary contains a suspicious time stamp
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Threat name: ByteCode-MSIL.Backdoor.Negasteal
Status: Malicious
First seen: 2020-07-06 10:12:07 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: keylogger stealer family:agenttesla
Behaviour:
AgentTesla Payload
Agenttesla family

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: AgentTesla
Sample: Executable exe bf2efbd13ace8761d0ff1d9e0952bbacb4c403a0e91d76d0b2cd65b838b4c0a6 (this sample)

Delivery method
Distributed via web download
