MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c55324a3338b9bc22115173268c046b348c71864347552938edff7132830eacc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Signature: AgentTesla
Vendor detections: 7

SHA256 hash: c55324a3338b9bc22115173268c046b348c71864347552938edff7132830eacc
SHA3-384 hash: 7c0467d3ce7c1def433518b5ec6452bead9554668339d5f37af69fb52f67c0f9f89c515d1f8d90b374d43fdfd154f4e4
SHA1 hash: 41bbf6808a488dff246b605f5640b403f621a147
MD5 hash: 9307f47769c237710365aaa4ca511fe7
humanhash: virginia-four-kitten-minnesota
File name: SecuriteInfo.com.Generic.mg.9307f47769c23771.3966
Signature: AgentTesla
File size: 270'848 bytes
First seen: 2020-11-05 17:41:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 6144:KZZNGnP1PFZsrWOyVig1WFl/uRjLuAU67T/civ:8GnPvgbg1cuRjLuT67f
Threatray: 40 similar samples on MalwareBazaar
TLSH: A9447DB8E55A5CA1F66F4576E6D9BD9803B33293CEC76D44432CF2910AE3791BE0240E
Reporter: SecuriteInfoCom
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a file in the %AppData% subdirectories
Creating a window
Using the Windows Management Instrumentation requests
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Azorult
Status: Malicious
First seen: 2020-11-05 11:08:09 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Adds Run key to start application
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
Unpacked file 1:
  SHA256 hash: c55324a3338b9bc22115173268c046b348c71864347552938edff7132830eacc
  MD5 hash: 9307f47769c237710365aaa4ca511fe7
  SHA1 hash: 41bbf6808a488dff246b605f5640b403f621a147
Unpacked file 2:
  SHA256 hash: 2d9a0cda6cd82a74dd42c6448440d9355558da95999c3b4a37a9a97ffdb59e43
  MD5 hash: a5b8c200c77ba0eeb5749ac2f1fb5f0f
  SHA1 hash: 2b7c7ca0e39c98b72b994699a6b1bc27f53de784
Unpacked file 3:
  SHA256 hash: 8c2d84a9b55c01364552e49c0dc1c71dbb2740968e214efffae3cf27fe950c6b
  MD5 hash: 473a3e6d860e0f9eb0691c8b58567bb2
  SHA1 hash: d8f9fb3cd0c257c3dfad2d98cb13cb3d6fd5185a
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: AgentTesla
File type: Executable exe
SHA256 hash: c55324a3338b9bc22115173268c046b348c71864347552938edff7132830eacc (this sample)
