MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce8de6e2f70e2c2e688ef8dd1693a0356b01ce9a31e06a0b6cb11b8eceb2509e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce8de6e2f70e2c2e688ef8dd1693a0356b01ce9a31e06a0b6cb11b8eceb2509e
SHA3-384 hash: 8e9848a255dc1a7c525ff0985fc3a3b59a0f32cbb88a1aa813745c0b2f49f9d7f7772575208482edf54e512b95d265f3
SHA1 hash: 200d3b68dc2e4dda25f8ea942fa933fa0d07b224
MD5 hash: 619dbace8d8804afd537f80a1a611042
humanhash: romeo-stairway-missouri-wyoming
File name:QUOTATION.r00.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:742'400 bytes
First seen:2021-04-26 05:53:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:57cDhABA1FzCokuBx5lKS+mzLFmHpd3BkVBsxr/Oib1UphyKU1TIFR6:57cDhABA1cG3KS+aIUebl1U7yn1E
Threatray 4'192 similar samples on MalwareBazaar
TLSH 4AF4E02562AADF95E57E93B890244544C3F2FD27E732EA9C7EC470E90A72F804752B13
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
120
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
QUOTATION.r00.exe
Verdict:
No threats detected
Analysis date:
2021-04-26 05:56:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8c683906-2694-41b1-9d37-44a3d7b0b8c9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/144189/
Detection(s):
SecuriteInfo.com.Malware.AI.1537019893.28012.22492.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/697317
Signature
.NET source code contains very large array initializations
Allocates memory in foreign processes
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/ce8de6e2f70e2c2e688ef8dd1693a0356b01ce9a31e06a0b6cb11b8eceb2509e/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-04-25 22:35:35 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z2g6nyxxbywc42eo7dorne5agvvqdtu2ghqguc3mweny5tvskcpa._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0c4becf98ece563f70f8dfa9c490b09eb5e0a7b8ee7e1ba73dc866946a65ceb5
AgentTesla
10e11ba4d54aa4219160cf1dc6e124bd697e91cfb85d23b170fdb74d1ac45c6e
AgentTesla
2058a16dae0afbc5a8be6091073e6e56f95469be12da77ef04f40fdd9c522b75
AgentTesla
3332ae8c0f7892922ad49600076bf9f76080ce02a6071be444299815f26c66db
AgentTesla
3a5623d763b895b780916c6fef0ee21ad608aff73024b0e982c4f9a3d8778172
AgentTesla
3d8f71d1e009a04ceb350dc6d2d4026cde866c67aa1466957e67d5b2021f431d
AgentTesla
43a41d6ef8788ee60b4fcf90d5741dae5dcf0a5d58f1b1f38bdf59298d2840bc
AgentTesla
ac9a33415eb6ec83ead8f10e2f749b5d5c53f7fb9e758d686e1b01819b44c86a
AgentTesla
bdd3e02711a244f9cdb3af3fed65a5b94fdce88a3a5686b3f32bef9f64ceb555
AgentTesla
e07ba21e5d098a88ce3e45d9ed869b30726c31bd13b6a88205a80265a45f605c
AgentTesla
+ 4'182 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210426-wx1v5kg7rs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
e90a19eba5f2de3ba82f652221105bb0682b07c20abddec487c6f4354ea79c39
MD5 hash:
efb0de4397ea61e17d262e278b53ff86
SHA1 hash:
727fdf2ceb13262d56bdda24a02564fb3e80c8b0
Link:
https://www.unpac.me/results/389b985e-c8ce-4f33-92ea-f6f5487844c8/
SH256 hash:
ce8de6e2f70e2c2e688ef8dd1693a0356b01ce9a31e06a0b6cb11b8eceb2509e
MD5 hash:
619dbace8d8804afd537f80a1a611042
SHA1 hash:
200d3b68dc2e4dda25f8ea942fa933fa0d07b224
Link:
https://www.unpac.me/results/389b985e-c8ce-4f33-92ea-f6f5487844c8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ce8de6e2f70e2c2e688ef8dd1693a0356b01ce9a31e06a0b6cb11b8eceb2509e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/144189/

Comments