MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c12de4a53b633a610834e274d0d1abb8304f8e184694c6a777ab461fcd89c9ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	c12de4a53b633a610834e274d0d1abb8304f8e184694c6a777ab461fcd89c9ff
SHA3-384 hash:	a9a1e8f32c81ba7767892e5248a3786f8038c3cfc317a50d93d6491d0b3fe1732390d40fa320cab5fbfdde0ab0c2b97c
SHA1 hash:	13f7d950881ebd77bdde2afda6781d02c2c97ddb
MD5 hash:	ee4bbc4739a0fc1c8fbac11cc1f63385
humanhash:	pennsylvania-red-harry-winter
File name:	SecuriteInfo.com.Win64.PWSX-gen.24801.25754
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	33'280 bytes
First seen:	2023-07-12 07:44:46 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	768:HcIIkYpBiTkETf0hR0lvKNdZwF1Jc2SW2YVmuYfU:9ZYpBKkbhR09F1JbSW2YVmpfU
Threatray	47 similar samples on MalwareBazaar
TLSH	T1A8E28E087AB85B7FC66F067755B120D91576E3AE2002DBD26EDDB0E70E5338063077A4
TrID	44.4% (.EXE) Win64 Executable (generic) (10523/12/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter	SecuriteInfoCom
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

281

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Win64.PWSX-gen.24801.25754

Verdict:

Malicious activity

Analysis date:

2023-07-12 07:46:54 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e1359bb2-49bc-427b-a75d-716d7a675839

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/416607/

Detection(s):

SecuriteInfo.com.Win64.PWSX-gen.24801.25754.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

DNS request

Sending a custom TCP request

Launching a process

Creating a file

Using the Windows Management Instrumentation requests

Reading critical registry keys

Sending an HTTP GET request

Creating a window

Forced shutdown of a system process

Stealing user critical data

Unauthorized injection to a system process

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/64ae5a056e9f7019de9f8173/reports/a0d03831-99ca-4217-9e24-89c959858a74/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/c12de4a53b633a610834e274d0d1abb8304f8e184694c6a777ab461fcd89c9ff

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Agent Tesla

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/29c85f46-8056-4cbd-91d2-3e24afdb6c48

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1271510

Signature

Antivirus detection for URL or domain

Found malware configuration

Injects a PE file into a foreign processes

May check the online IP address of the machine

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Yara detected AgentTesla

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c12de4a53b633a610834e274d0d1abb8304f8e184694c6a777ab461fcd89c9ff/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2023-07-12 06:15:49 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

17 of 38 (44.74%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yew6jjj3mm5gccbu4j2nbunlxaye7dqyi2kmnj3xvndb7tmjzh7q._file

Verdict:

malicious

AgentTesla

2b39f12db508039d209f6d89398822ca95c741e64516ed0226aae0dbb728740c

AgentTesla

3e24e97aba6e7432395abc346ee3484b9dbadbe803a046a84ea41529d6ed8c89

AgentTesla

4a4f33afe3086aa1962d92412fc2166c5e6b565087bbe20cc411dfc0e9ded6a0

AgentTesla

6174638ee97b4984047d575745f84d6a41e286bca39f8eca1924860b0eb545ff

AgentTesla

71b83a4a645cee8038819ee490a2b6324d287d8aac405adb1b373277dc5c23ab

AgentTesla

7e5db4d74733c673a834aed6ad6e3e312444d8d89974ed47482762ec2f364c8e

AgentTesla

a566a538d325ee3da4c86712b3cf4b305d35b2612e2112cfa8f76b511e036e06

AgentTesla

e36cf15a41affb3946975d75dfa344a7d01fb02aab6137b085b9a494ed76fed8

AgentTesla

e43e5c816ce04f8fa14c819ff2b5bfc02c03e27a4b0a6b85875ef11ea4d4489f

AgentTesla

+ 37 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla collection keylogger spyware stealer trojan

Link:

https://tria.ge/reports/230712-jld72sde3t/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Uses the VBS compiler for execution

AgentTesla

Unpacked files

SH256 hash:

c12de4a53b633a610834e274d0d1abb8304f8e184694c6a777ab461fcd89c9ff

MD5 hash:

ee4bbc4739a0fc1c8fbac11cc1f63385

SHA1 hash:

13f7d950881ebd77bdde2afda6781d02c2c97ddb

Link:

https://www.unpac.me/results/9be0f8f2-480a-4010-9f47-4c49ebcdc2e1/

Malware family:

AgentTesla

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/c12de4a53b63/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/416607/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample