MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf70a83b41c0e405e4c21c3253d0a80a34e08a2da16ad6e36e77d2f070cb6f82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7



SHA256 hash: bf70a83b41c0e405e4c21c3253d0a80a34e08a2da16ad6e36e77d2f070cb6f82
SHA3-384 hash: 3fd767ca2d163520906b39524da1737835f4c965a9ae8efcfaa56c8e70a63d614719684f6f61dfbe278769ef26ee14d4
SHA1 hash: b901d8ea854b1d9045863a8c2232ba4d4bbdd241
MD5 hash: 48af9b094ed8a656a1d63091cc022ae0
humanhash: eighteen-cold-mississippi-july
File name: PO_594453.exe
Signature: AgentTesla
File size: 783'872 bytes
First seen: 2021-08-31 13:15:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ef471c0edf1877cd5a881a6a8bf647b9 (83 x Formbook, 33 x Loki, 31 x Loda)
ssdeep: 12288:jXe9PPlowWX0t6mOQwg1Qd15CcYk0We1MY94thdm5Fo:KhloDX0XOf4+tzgO
Threatray: 1'141 similar samples on MalwareBazaar
TLSH: T17AF4C023692CD897E56E24F6C093D5FED8B4AC25D4590023783EBE3D76B8342281B6DD
dhash icon: 0323232973712927 (1 x AgentTesla)
Reporter: malwarelabnet
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 234
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: PO_594453.exe
Verdict: Suspicious activity
Analysis date: 2021-08-31 16:15:02 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending a UDP request
Sending an HTTP GET request
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
AutoIt script contains suspicious strings
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.AutoitInject
Status: Malicious
First seen: 2021-08-31 01:41:47 UTC
AV detection: 18 of 28 (64.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Modifies system certificate store
Enumerates physical storage devices
Unpacked files
SHA256 hash: 727563c652beb92e375c8a5347b7c8d673127360640ab64ca567eb4afdfcf04a
MD5 hash: 18c7b47f9832a05fea65faa7a53ca8d9
SHA1 hash: ea5a4ce7af118ea720e2c1c44eb821fad24bd9e5
SHA256 hash: bf70a83b41c0e405e4c21c3253d0a80a34e08a2da16ad6e36e77d2f070cb6f82
MD5 hash: 48af9b094ed8a656a1d63091cc022ae0
SHA1 hash: b901d8ea854b1d9045863a8c2232ba4d4bbdd241
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE
Rule name: AgentTeslaV3
Author: ditekshen
Description: AgentTeslaV3 infostealer payload
Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekSHen
Description: AgentTeslaV3 infostealer payload
Rule name: pe_imphash
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash
Rule name: Telegram_Exfiltration_Via_Api
Author: lsepaolo
Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments