MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2df8e72382149481c403e6a2d52dbb93daeb046e8ce23247ec763f50490be96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 6



SHA256 hash: c2df8e72382149481c403e6a2d52dbb93daeb046e8ce23247ec763f50490be96
SHA3-384 hash: 760be27b84ba60833b130bacdf22108676ebcb02ece744ae0c018c860d273bb9a5761bb6e17386f9224597373aa263fe
SHA1 hash: b6117dab3430d5b818b08f3ebb7c12deca11f84d
MD5 hash: 1227892c3334d9b166e1276fd478196d
humanhash: wolfram-beryllium-fillet-moon
File name: 1227892c3334d9b166e1276fd478196d
Signature: AgentTesla
File size: 435'200 bytes
First seen: 2020-11-17 11:38:12 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 6144:N9lciPkvdlrGwYRbVw2CP9QYGtIg38DOgtGOb6n9RRRdBHMlU8LF:WiYd0vRnCPyZsDOgYOe9Xt8LF
Threatray: 1'286 similar samples on MalwareBazaar
TLSH: 6894013166D2BE97E76A2FB1906231441EB97D27AA34D70D7E8C008D2171B58DBA0F73
Reporter: seifreed
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Launching a process
Creating a file
Using the Windows Management Instrumentation requests
Forced shutdown of a system process
Unauthorized injection to a system process
Threat name: ByteCode-MSIL.Trojan.NanoBot
Status: Malicious
First seen: 2020-11-11 06:09:20 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SHA256 hash: c2df8e72382149481c403e6a2d52dbb93daeb046e8ce23247ec763f50490be96
MD5 hash: 1227892c3334d9b166e1276fd478196d
SHA1 hash: b6117dab3430d5b818b08f3ebb7c12deca11f84d

SHA256 hash: cb951f1d2b5460456aad0d89cef1216d9be5e51784d11a92447d43e96177bd5e
MD5 hash: 8cd5d2014866f4ef60802ff1826998a6
SHA1 hash: 8ff75946905d0b117080cc5a07e6e0bbea4e9bbd

SHA256 hash: c505fd637c99378bf28b554f53e6e9cf1fb3cc91d9f2c5665142df173b922165
MD5 hash: af2002a5461cbbc28fae377f4c4284e7
SHA1 hash: aaf755a0102b70f403b6165b191a41d092151c71

SHA256 hash: ed6a28411d34dd60e4ad775f2b3def89652007ed860b40dd14ea3110b52ab702
MD5 hash: 10b312b559c77db3e505904446fd8622
SHA1 hash: de3b943df8cfed7f28b0084f6c3528b070d2c553
Please note that we are no longer able to provide a coverage score for Virus Total.
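The hashes listed for this entry are the values a responder pivots on: the SHA256/SHA1/MD5 triple identifies this exact file and its unpacked payloads, while the imphash is a weak pivot here because the entry shows it shared with tens of thousands of Formbook and SnakeKeylogger samples. The script below is an added example, not MalwareBazaar's code: it computes the same digests the entry lists for a local file, checks them against the IOC set copied from this entry, and reimplements imphash as pefile defines it (strip the .dll/.ocx/.sys extension, lowercase, join dll.func pairs with commas, MD5) over a constructed import table consisting only of mscoree.dll!_CorExeMain, the single native import of a typical .NET executable, so that you can check for yourself whether that stub produces the entry's imphash. The placeholder bytes and the import lists are constructed; pefile's ordinal-to-name tables for a few DLLs are not reproduced.

```python
"""Added triage helper for this MalwareBazaar entry (not MalwareBazaar code).

Computes the digests the entry lists, checks them against the entry's IOC
set, and reimplements imphash to show why it is a weak pivot for .NET
samples such as AgentTesla.
"""
import hashlib

# IOCs copied from this entry: the submitted sample plus its three unpacked files.
ENTRY_IOCS = {
    "sha256": {
        "c2df8e72382149481c403e6a2d52dbb93daeb046e8ce23247ec763f50490be96",
        "cb951f1d2b5460456aad0d89cef1216d9be5e51784d11a92447d43e96177bd5e",
        "c505fd637c99378bf28b554f53e6e9cf1fb3cc91d9f2c5665142df173b922165",
        "ed6a28411d34dd60e4ad775f2b3def89652007ed860b40dd14ea3110b52ab702",
    },
    "sha1": {
        "b6117dab3430d5b818b08f3ebb7c12deca11f84d",
        "8ff75946905d0b117080cc5a07e6e0bbea4e9bbd",
        "aaf755a0102b70f403b6165b191a41d092151c71",
        "de3b943df8cfed7f28b0084f6c3528b070d2c553",
    },
    "md5": {
        "1227892c3334d9b166e1276fd478196d",
        "8cd5d2014866f4ef60802ff1826998a6",
        "af2002a5461cbbc28fae377f4c4284e7",
        "10b312b559c77db3e505904446fd8622",
    },
}
# imphash shown on this entry, shared by ~80k AgentTesla/Formbook/SnakeKeylogger samples.
ENTRY_IMPHASH = "f34d5f2d4577ed6d9ceec516c1f5a744"

DIGESTS = ("md5", "sha1", "sha256", "sha3_384")


def digest_bytes(data: bytes) -> dict:
    """Return the four digests the entry lists for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def digest_file(path, chunk_size=1 << 20) -> dict:
    """Same digests, streamed so a large sample is not loaded into RAM at once."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = ENTRY_IOCS) -> dict:
    """Return {algorithm: digest} for every digest present in the IOC set."""
    return {algo: digests[algo] for algo in iocs if digests.get(algo) in iocs[algo]}


def imphash(imports) -> str:
    """imphash over an ordered list of (dll_name, function_name_or_ordinal)
    pairs taken from the PE import table, following pefile's definition.

    Simplification (assumption): pefile resolves ordinals of a few DLLs
    (ws2_32, oleaut32) to names via lookup tables; this version always
    emits 'ordN' for an ordinal import.
    """
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        name = "ord%d" % func if isinstance(func, int) else str(func).lower()
        parts.append("%s.%s" % (dll, name))
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed import table of a typical .NET PE: the only native import is
# mscoree.dll!_CorExeMain, the CLR entry stub the Windows loader calls.
DOTNET_STUB_IMPORTS = [("mscoree.dll", "_CorExeMain")]


if __name__ == "__main__":
    import sys
    # Constructed placeholder bytes; pass a real sample path as argv[1] instead.
    digests = digest_file(sys.argv[1]) if len(sys.argv) > 1 else digest_bytes(b"placeholder")
    print("digests:", digests)
    print("IOC hits:", match_iocs(digests) or "none")
    h = imphash(DOTNET_STUB_IMPORTS)
    print("imphash of a bare .NET stub:", h, "(matches entry)" if h == ENTRY_IMPHASH else "(differs)")
```

Run it against a quarantined file to confirm an exact match with this entry; an imphash match alone only tells you the file is a .NET executable with the standard CLR stub, which is why the entry's imphash count spans three unrelated families.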

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name:ach_AgentTesla_20200929
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:MALWARE_Win_AgentTeslaV3
Author:ditekshen
Description:AgentTeslaV3 infostealer payload
Rule name:win_agent_tesla_v1
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments