MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb8cf6b203f27f3b42020653f940d2be826893d079035eac52d4d64e1102aa29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb8cf6b203f27f3b42020653f940d2be826893d079035eac52d4d64e1102aa29
SHA3-384 hash: d5650b598dde8ffd270466bea543b6a4160af4250f7d48b2685656bb2a9836de641026625ad05b02f87f149688c863dc
SHA1 hash: 4233822c7166f0f89bbc58d661b8bd40ee863a78
MD5 hash: 7686b5b1e65a327d684e1a76beca565c
humanhash: queen-saturn-carolina-missouri
File name:igfx.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:603'136 bytes
First seen:2020-05-26 07:44:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 6144:CCCtQEphNrAF3s7KhjNPB7H1DJKOFG21fBvDhPH7jPh696WXrjr107CAhT1:Cfft8ZhxBHKOsUtVnpMJ0u4
Threatray 718 similar samples on MalwareBazaar
TLSH 14D4D9423AC09500E06D2537C2D7820447F59B5265E3D77BEDAF33EB5E027EA790A9CA
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
AgentTesla payload URL:
http://induspride.be/igfx.exe

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Msilperseus-7772566-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:13:09 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
19 of 30 (63.33%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1cc84d3c06c9a283218310ac6d69e7161fd7605339b78035747c6f51021475ff
AgentTesla
23b916e5bb30f814e9819cf3499fe56820380b827b20f595022eabbd47267374
AgentTesla
70d86fc8d1247dcd26ed0927411614973d45216d676978f768e14cb16d362536
AgentTesla
723080f3083b8428248cead3d4c3ad20883395e1d574f853bca15065d2217fad
AgentTesla
79afc9b39ba7fe7dd6ed282d39eb915bb47271d552177f62c6606b99901f9cd2
AgentTesla
8247e9152d0b43ffa80b4c82843bb0903043841c8b9c855ff312461f6443faf4
AgentTesla
e874283490ec44e6cad0729867ee2441d0eb80d76b615455babebc7f5d4ec452
AgentTesla
ef0116d9f61a26ad233dc3edc1990eb6c83b0398a593c65ef19f106008892eee
AgentTesla
f0b43b05479d8dde3603ef587da02925b703d7d5bc8332656ab9ca7f7e1554a4
AgentTesla
f2e2cb71a06ac2a95a02168fc3d91f160e6e07ca19c5e6d3d708a9a486dd3f92
AgentTesla
+ 708 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/201109-1b58lshqa6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Adds Run key to start application
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Excel file xls 723080f3083b8428248cead3d4c3ad20883395e1d574f853bca15065d2217fad

AgentTesla

Executable exe cb8cf6b203f27f3b42020653f940d2be826893d079035eac52d4d64e1102aa29

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/368738/
  
Dropped by
SHA256 723080f3083b8428248cead3d4c3ad20883395e1d574f853bca15065d2217fad
  
Dropped by
MD5 1ae9543f4ed2eb11e16b3e38baacd989
  
Delivery method
Distributed via web download

Comments