MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd68a939631bc27a38fba500b03efd3268f5a3269880f3e635347de8b6ba2d2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd68a939631bc27a38fba500b03efd3268f5a3269880f3e635347de8b6ba2d2b
SHA3-384 hash: 7f20623761018ee17d8f3daf1696c7c07bb28f69f47f3c88d3145cdd560087e15a12adf71eee58d177a8436c744d521f
SHA1 hash: 736f57476f4bfd55189495bcfac64b111e0efba5
MD5 hash: 56aae990feeb528f25647a93602d0ba9
humanhash: william-coffee-beryllium-north
File name:Draft Pro inv.gz.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:891'904 bytes
First seen:2020-12-03 07:24:46 UTC
Last seen:2020-12-03 09:13:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 24576:3kBKF+5QFV6ej2AhIxplwJmi4yqb4kzz:3kBKFbFxCAyplwR2Dzz
Threatray 1'619 similar samples on MalwareBazaar
TLSH 7F15F171B19A7F48E77957F4257029009FF578AB2230E3186ED2A0DE39A6F085E10F67
Reporter cocaman
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/106504/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.6083.8761.3147.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Gathering data
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/554325
Signature
.NET source code contains potential unpacker
Binary contains a suspicious time stamp
Found malware configuration
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Scheduled temp file as task from temp location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cd68a939631bc27a38fba500b03efd3268f5a3269880f3e635347de8b6ba2d2b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-03 02:08:22 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zvuksolddpbhuoh3uualapx5gjuplizgtcaphzrvgr66rnv2fuvq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1d4629f9ef456b0d63a51442a9d19597baaafe09ec18ca734e9a6c8a8e818028
AgentTesla
1d6004838e32ca7b5763964c99d3c92fc591c7b21d0de3595a7da27794ec5ab6
AgentTesla
4161062ddc367ebd6b08a08f420179c18bed01f248860ff695f9e513fed16ce1
AgentTesla
4574055c204f272af805107051d06291970dfa5e1f05fafd268f17b499b3ebf8
AgentTesla
590d1a6a1fa00812284d4f5e4f47cb34d4965c79bfc9ec1741f2a8e14967719b
AgentTesla
7b3834838c8089d4af4508d5961ea134c7ae331dfe350381f38fb6ffda679726
AgentTesla
e6efc787bb6b6506150aca14be1966713c7a28f55788af42902e500779818228
AgentTesla
ea4d7ae710b25f166a8d0a4254983d69ac60da4f6846bf912362c00f8e25c382
AgentTesla
f148b6ad99c39c47a48a82fc4959b98ccfed28b35556ea3e0f07d0b8911d5e15
AgentTesla
feb639dabb33ddc8d08dc3065a7a869225419d52be2aa0ec247377607a426ef3
AgentTesla
+ 1'609 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201203-ch44t7gxnx/
Unpacked files
SH256 hash:
cd68a939631bc27a38fba500b03efd3268f5a3269880f3e635347de8b6ba2d2b
MD5 hash:
56aae990feeb528f25647a93602d0ba9
SHA1 hash:
736f57476f4bfd55189495bcfac64b111e0efba5
Link:
https://www.unpac.me/results/1813a7c9-d182-4fbe-8514-ec9bb7cae7cc/
SH256 hash:
b46c3655d543ce54e747b163ea4a3c7994ef264980cb0c6c681ac0336a5f953c
MD5 hash:
cfc33d0b702864e7563a4aa3d1fa3928
SHA1 hash:
2b6760ac89a0fcbba90d5cd44b883188a00e288a
Link:
https://www.unpac.me/results/1813a7c9-d182-4fbe-8514-ec9bb7cae7cc/
SH256 hash:
c88a66cbf00b12c88e2b970b8bc220e970e8465e56098ced24e97d42be901b94
MD5 hash:
a60401dc02ff4f3250a749965097e13f
SHA1 hash:
3f22d28fd765f831084cb972a8bd071e421c26a1
Link:
https://www.unpac.me/results/1813a7c9-d182-4fbe-8514-ec9bb7cae7cc/
SH256 hash:
496bd4754018521afae246625ed7734baacaaa452812dc1d281879cd86b9ae64
MD5 hash:
6974385190b157ee5ba96ff85a55f300
SHA1 hash:
aef1d06eb745ef12b8ea9b8c215f4ad43f4bfc6d
Link:
https://www.unpac.me/results/1813a7c9-d182-4fbe-8514-ec9bb7cae7cc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cd68a939631bc27a38fba500b03efd3268f5a3269880f3e635347de8b6ba2d2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz bcd36fa217d09dd1d90bc822cc1caea534b06ac26847fa7277bc14857f07d75f

AgentTesla

Executable exe cd68a939631bc27a38fba500b03efd3268f5a3269880f3e635347de8b6ba2d2b

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 bcd36fa217d09dd1d90bc822cc1caea534b06ac26847fa7277bc14857f07d75f
Cape
Cape
https://www.capesandbox.com/analysis/106504/

Comments