MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbc1b2bb407f02710060a11cdd74386337b92597af3d8de8c1d90c33672868ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cbc1b2bb407f02710060a11cdd74386337b92597af3d8de8c1d90c33672868ec
SHA3-384 hash: 7ff414897c8f5fc4dfdb7c1ac0dcb804c9170222312be26568e39c465ada8fa20ead5d52294be331ffdcd74e291c27e4
SHA1 hash: 91773023d0437a48a62275c69cd8d0cdf96456d4
MD5 hash: 248f40bb024e9f735881b9b91193e3b6
humanhash: freddie-dakota-snake-vermont
File name:cbc1b2bb407f02710060a11cdd74386337b92597af3d8de8c1d90c33672868ec
Download: download sample
Signature AgentTesla
Create hunting rule
File size:747'008 bytes
First seen:2020-11-09 21:11:04 UTC
Last seen:2020-11-13 15:31:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'660 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:x/vLpSfL8wR+bexdv+0qs03qszK/hqv0GJ41GMeqvi6:x/vLpSfLrR+4dvHu3/ZMxvi
Threatray 1'046 similar samples on MalwareBazaar
TLSH CBF47AB706FC29EBE16917389427120A4F60BF326933EE0EA97578F42B72FC04566D51
Reporter seifreed
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
51
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Unauthorized injection to a recently created process
Creating a file
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cbc1b2bb407f02710060a11cdd74386337b92597af3d8de8c1d90c33672868ec/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 00:30:51 UTC
AV detection:
24 of 47 (51.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zpa3fo2ap4bhcadaueon25bymm33sjmxv46y32gb3egdgzzindwa._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
08f9ff6bbe01d3fab54974c872fbdf2f8fa1fd1f32649c776f0626030169272c
AgentTesla
09ffd88cbd13cd8439d94e1b593d0d3d358dd5455d39f5b0c2a860095141a250
AgentTesla
1596485ee8331651ad1cf0e3b2bbff49bea4be5f8b1b051e6e520582b73b36f9
AgentTesla
37be898f8c2b0f9dfc4663070ae1ac1fd0f4edc08760d5c40fb18c7353f7f476
AgentTesla
40e302fcbc592e6f845df3a731f3204c3026ebc929d290f77477857a4dccb559
AgentTesla
44cfa0be06349620b796b631d727ef0997c05097ec3cc72e0f83aed765b6c630
AgentTesla
aefa2f5a8448c792183fedf9d025becfb782102b749c0fe3be273975f2dc3b61
AgentTesla
d11ae1d5e09d63aa386479af620faf3b9053d12e6d3a8a1353aba274fef2153e
AgentTesla
e38e6ac839b8009c1c6d467ed4206f912c39a15af7a1fa7ba4a2a854e441fe50
AgentTesla
ecd685994c047195bf8a03b9e4a4ea800b970285806a417a9160153da37f76cb
AgentTesla
+ 1'036 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-q73zb4plqe/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:MALWARE_Win_AgentTeslaV3
Create hunting rule
Author:ditekSHen
Description:AgentTeslaV3 infostealer payload
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments