MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8fd60e02919b35511d2de6b238933cacc3b5cfb75598076a3923e5544ee44ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 7



SHA256 hash: c8fd60e02919b35511d2de6b238933cacc3b5cfb75598076a3923e5544ee44ae
SHA3-384 hash: 87bd30a313cd82e39cf0dabf4c7a8145577917033a48b9ec5666696ae47f081e28369be94136ca82cd14bddb0cb75269
SHA1 hash: eb55546e49269276c0a9043c7626842a3d447415
MD5 hash: c2c93e2d4e06abc2c4efdf33e05bf727
humanhash: india-charlie-mike-bravo
File name: Property.vbs
Signature: AgentTesla
File size: 2'384 bytes
First seen: 2021-05-20 14:04:16 UTC
Last seen: 2021-05-20 20:18:44 UTC
File type: Visual Basic Script (vbs)
MIME type: text/plain
ssdeep: 48:f+n9+mUBVECDUx4p2uAAL2MqoUn/VhClD+Rh:GnQm0qCDvL220/jC8X
Threatray: 4'926 similar samples on MalwareBazaar
TLSH: 46415121B3ABCFA6747279710122847C32C98DF6BC9271484CC7C6F784A46DA87B1C67
Reporter: abuse_ch
Tags: AgentTesla, RAT, vbs

Intelligence


File Origin
# of uploads: 2
# of downloads: 102
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a window
Launching a process
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Sending a UDP request
Creating a file
Creating a process from a recently created file
Using the Windows Management Instrumentation requests
Forced shutdown of a system process
Enabling autorun by creating a file
Unauthorized injection to a system process
Result
Verdict: MALICIOUS
Threat name: Script.Downloader.Heuristic
Status: Malicious
First seen: 2021-05-20 14:05:12 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 2/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Malware Config
Dropper Extraction:
https://ia601407.us.archive.org/26/items/all_20210519/ALL.TXT
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.