MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7607bcbc0acfdf8733dff8a4f709009236da553d300abc2d0df98b3e6c70f58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7607bcbc0acfdf8733dff8a4f709009236da553d300abc2d0df98b3e6c70f58
SHA3-384 hash: be54bb1504e27e67eb541fc9710fd511ad35a3cf99e37b1d267f0abaafebef2a0a337064a03508e2dbca662bbba59c3c
SHA1 hash: 30be594335de83dd6dbbf5ee0258a06559a3116e
MD5 hash: b78cdf155ce7cf9f5fc9ea9d1ab603b4
humanhash: low-nitrogen-alanine-gee
File name:1DwuK1VzL1UJwXs.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:884'224 bytes
First seen:2021-07-13 10:48:37 UTC
Last seen:2021-07-13 15:07:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:yR0J6bFWL2mRamHj/yA2zzF+nAWOawUJT7h7CFz5J4EvYFjCFcXN5GnTOdU+CHpU:l6bAL2momDK2B1B7hGnJ4EvY+qd
Threatray 6'638 similar samples on MalwareBazaar
TLSH T11E159D2C23FEA409F237FE719FA4F3499E6676BA9229904D5DC4030A5461D80FE77932
Reporter lowmal3
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1DwuK1VzL1UJwXs.exe
Verdict:
Malicious activity
Analysis date:
2021-07-13 10:49:23 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7e45c891-d959-4618-918d-0a26710df79a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/171352/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.925-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5dd0bbfe-e13e-4a7f-818c-4f57e954261b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/815467
Signature
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/c7607bcbc0acfdf8733dff8a4f709009236da553d300abc2d0df98b3e6c70f58/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-13 09:32:51 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y5qhxs6avt67q4z576fe64eqberw3jkt2makxqwq36mlhzwhb5ma._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
086b930d1a631edf83cfe41204603a67e9cf4661ecee97761f7dcb8f87bb6e70
AgentTesla
3b657298a18c54b3d55c3e5001fff9b6933b6f58bd3dd0b4a73de1307328917d
AgentTesla
528c4017fc8019572354de7746bba7978bb1ce0c9508e42644799712fb5ea869
AgentTesla
5bb1ec5f6be562ca2beec31d45c6cce4b811283b225e3f2654dbfbe5cc8f07de
AgentTesla
988015476a43d916c6d49009eaa2e262246ac18eaf1615113262cd3540708450
AgentTesla
a83fc1372384a42b479adbba691e5de280f53df2045b1b7246d05f6003dac8af
AgentTesla
c08e280570de9dc368e7fa90a6da1f047c059e70bff357ef99e4b3fac88b4b54
AgentTesla
c6cacd1d2bfb210318a62cabce8045f5735cd9a0e58c3aea8d3ec2174f6d7abb
AgentTesla
df54a04599bb3953ffcf067a4308e01dafe8ac2c9064bdd3fbc3a441725a06f2
AgentTesla
fe71bef6acadf2feb1a19c9e51543be0cacb245a5ce034b7510c72912996580e
AgentTesla
+ 6'628 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210713-dl7swtd2xx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
cb6b8f198dd9d081cec97303434be59998cf031a604e59e3c08467104f13ba54
MD5 hash:
1e1f12d5a3f0bacd208082f35e5107cb
SHA1 hash:
f770587abdd864a08a0dff967ac34a7615f8f47f
Link:
https://www.unpac.me/results/ac423c9d-6eb2-473a-84b9-bcceffe5018a/
SH256 hash:
668b31dbb418aab12ea00572152907e5935f235fd379650631300bc6e2316424
MD5 hash:
18dd70dc84227ed720f7657f1926c760
SHA1 hash:
eed841633c12a0fa7ab3d27ba94c1c676bbd9081
Link:
https://www.unpac.me/results/ac423c9d-6eb2-473a-84b9-bcceffe5018a/
SH256 hash:
e74fd412892a030fbe672627461d2b62747c8c92b48a03b38c5a6e89049b911d
MD5 hash:
66fc3a5758c83f13b93692831bfbb6b5
SHA1 hash:
e2402bb310faa8c605ada810cf84bc0a0ae9a364
Link:
https://www.unpac.me/results/ac423c9d-6eb2-473a-84b9-bcceffe5018a/
SH256 hash:
aef7f2c805e7cd14c67ec1ec3bf0cc3d653a2309e132f9bc4206144f5f6c7986
MD5 hash:
99fb0a1ce5d94d95bfe9c239af27a1bc
SHA1 hash:
111df77e7e075cc210875ca3e6f6732fe4c662e4
Link:
https://www.unpac.me/results/ac423c9d-6eb2-473a-84b9-bcceffe5018a/
SH256 hash:
c7607bcbc0acfdf8733dff8a4f709009236da553d300abc2d0df98b3e6c70f58
MD5 hash:
b78cdf155ce7cf9f5fc9ea9d1ab603b4
SHA1 hash:
30be594335de83dd6dbbf5ee0258a06559a3116e
Link:
https://www.unpac.me/results/ac423c9d-6eb2-473a-84b9-bcceffe5018a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/c7607bcbc0acfdf8733dff8a4f709009236da553d300abc2d0df98b3e6c70f58

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe c7607bcbc0acfdf8733dff8a4f709009236da553d300abc2d0df98b3e6c70f58

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/171352/

Comments