MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4c846dfa5755910d28a93a91ecfea8dcde72860fea03da1a47adf9ce65470a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	c4c846dfa5755910d28a93a91ecfea8dcde72860fea03da1a47adf9ce65470a1
SHA3-384 hash:	43c4ea1fa24dcaa351a9250d4d9b9907ff0daa8ba4eba61baf4d7a582d71fd81ad9949cae41c4b6cae9b82cf557c0025
SHA1 hash:	a2545f5c8af6da03288dd0b24ddc72fbb35cad2d
MD5 hash:	b438cf5e9aa34e6cfa3d8d27d2649326
humanhash:	aspen-steak-nuts-zebra
File name:	nnLfl
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	128'512 bytes
First seen:	2020-07-13 05:28:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep	1536:4iNarDCgADwBHDMWnByYgQw+bVK5sFwhS5MpOFMJQuIxIz1hVGAF4qV6Bt6q7:4caOKDMGyYDb7wheHCaIz1hVGFwYYg
Threatray	10'650 similar samples on MalwareBazaar
TLSH	B2C3757703A45B1EE1BE937CE9D254308BF9AC2DDF02E7413E49138647E2B249E19B46
Reporter	JAMESWT_WT
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

1

# of downloads :

68

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/24949/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader33.59922.24611.8288.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending an HTTP GET request

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c4c846dfa5755910d28a93a91ecfea8dcde72860fea03da1a47adf9ce65470a1/

Threat name:

ByteCode-MSIL.Trojan.Scrami

Status:

Malicious

First seen:

2020-07-11 18:40:10 UTC

File Type:

PE (.Net Exe)

Extracted files:

3

AV detection:

33 of 48 (68.75%)

Threat level:

5/5

Verdict:

malicious

Label(s):

agenttesla

hawkeyekeylogger

Similar samples:

029905c8789b5194e3f20a0a818bbd8922d113ce41ac880fe44f56d39b6a6356

09e757213c16dcbf36424c974ffb22e19e8204ee9eda994211669d586454a347

0a6b52ec47bedcc73a84174c590088452c564354e09c334733f5d67132a788e1

0f40a48444a9c944c02ea8e4917d11b5ece5145c66ba04c3879cbd02396fe68c

0f75f6670487368f4ba9f5cf419f8f96433a2c4176bd2d07c4a12d0c83963abb

0fb739ef1d92cb9e84d30184e289bdcc2e1d851d302e69665d34ce9768c3ddbc

131f3fff31bb1df7e811f4eb38f3e8a5aec66ef9ea6a80c4a4665a677c88a04f

6a7f627bc830ae50b3f45f762361e60b62741a4bf05fd36bdad734fdc6cf57b1

c9bc0f924534c4e87535971e5ebfc21bd3a5c4e205c7be750b88bd8ddd0d02c5

f680bde2f9df0bf77497f36b16e0b1a8b08c847b4e9be02f9842e7d457169437

+ 10'640 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

persistence spyware keylogger trojan stealer family:agenttesla

Link:

https://tria.ge/reports/200713-c3982jshpa/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Adds Run entry to start application

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Reads data files stored by FTP clients

Blacklisted process makes network request

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe c4c846dfa5755910d28a93a91ecfea8dcde72860fea03da1a47adf9ce65470a1

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/24949/

URLhaus

https://urlhaus.abuse.ch/url/412192/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample