MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d077b3075b08a6f6ae384794e0ddd8c6e509a029440ec56f1669288730e70898. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d077b3075b08a6f6ae384794e0ddd8c6e509a029440ec56f1669288730e70898
SHA3-384 hash: 9443937ed7396413d383722e9239c89d622242588e8b4c4c9af6c3b7b56e9b215ce32675b81f15e23226462d80629dc9
SHA1 hash: 470af611c44e77b16e7327816a08141ae6f3d9bc
MD5 hash: cd97907dfa59649f4a1b346c4e4b8243
humanhash: bacon-iowa-maryland-nebraska
File name:cd97907dfa59649f4a1b346c4e4b8243
Download: download sample
Signature AgentTesla
Create hunting rule
File size:469'041 bytes
First seen:2022-12-06 14:15:15 UTC
Last seen:2022-12-06 15:38:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ab6770b0a8635b9d92a5838920cfe770 (84 x Formbook, 30 x AgentTesla, 15 x Loki)
ssdeep 6144:PBnxm/hZudIIuLp0NmbAGtHFzLmDVSHAkDFt9oS2YE9gagaIw3cjwJYgintgA:LzdIZp2EtBiDVanDFtiS2t6agaW8wt
Threatray 21'204 similar samples on MalwareBazaar
TLSH T1EBA438035C80D6FBC5D9DD7B6AD3A1E3A4AFDE684C7120FEAA85778910B0C6B53B4418
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 0070f0d8d833f020 (2 x AveMariaRAT, 2 x Formbook, 1 x AgentTesla)
Reporter zbetcheckin
Tags:32 AgentTesla exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
194
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
agenttesla
Create hunting rule
ID:
1
File name:
SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.21344.4358
Verdict:
Malicious activity
Analysis date:
2022-12-06 13:35:55 UTC
Tags:
trojan exploit cve-2017-11882 loader agenttesla
Link:
https://app.any.run/tasks/f0de1195-b583-425d-9d12-b9bdd5e56830

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/343487/
Detection(s):
SecuriteInfo.com.Win32.PWSX-gen.13308.1856.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a process from a recently created file
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Сreating synchronization primitives
DNS request
Creating a window
Reading critical registry keys
Setting a keyboard event handler
Unauthorized injection to a recently created process by context flags manipulation
Stealing user critical data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
formbook nemesis overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/638f4ea39a505ad9423da5d5/reports/6bffe30d-e1b0-40fb-9f7e-bbaf20ea415c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ea4cff54-b26c-40d6-98a0-51da286f8733
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1129095
Signature
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
May check the online IP address of the machine
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d077b3075b08a6f6ae384794e0ddd8c6e509a029440ec56f1669288730e70898/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-12-06 14:16:09 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
18 of 25 (72.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2b33gb23bctpnlryi6kobxoyy3sqtibjiqhmk3ywneuiomhhbcma._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
b077c634471ee290e38f9e3ced5375888f93890e6b0840b8db2c1691175019ee
AgentTesla
c1f9f8a6133d2f6f01574b1a8dafabae2376448bc7a6727a66b8070b66ff15dd
AgentTesla
d254745ca2edd62c5e9d3231b3131ae065b2e1759fe9916df96e6c14af59a99e
AgentTesla
f5d4ebc19dcb1a8676ba1459a04606b5b94e3e1a02bf11393c18e0980e8da2f8
AgentTesla
+ 21'194 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/221206-rk585she6t/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Executes dropped EXE
AgentTesla
Unpacked files
SH256 hash:
d43aa9f775dc2b68f93d1936b051708726b97398dc84b063102f04e723365127
MD5 hash:
ce96a4e2c607a88a38d9816a58546f17
SHA1 hash:
9997c4978caff8c4f8c3bd7173015592015d801c
Link:
https://www.unpac.me/results/8cb9b155-13b3-47c4-a641-d9e9dd0ebbce/
SH256 hash:
750312212ea1cbf953462ec11a68c0833644d92f43f3d03bd4a9836151c5b6e5
MD5 hash:
e36d3c2cf22452885614b8ea2706b786
SHA1 hash:
4fa6c1c738319dd3f9aaa8c48e093d2053e388b2
Detections:
AgentTesla
Create hunting rule
Link:
https://www.unpac.me/results/8cb9b155-13b3-47c4-a641-d9e9dd0ebbce/
Parent samples :
00c69d78bc5d6b95fdd71348537bf9b0e30d3f075ca03448fab414f4ad9425fc
d077b3075b08a6f6ae384794e0ddd8c6e509a029440ec56f1669288730e70898
e8a5765337996b5641061728075dc4432dc4809ca48e25d624f63e33962cbef7
SH256 hash:
8e9829db786fd4dd410be1a1caab3a69c7323057bacae66431c9136ef74d8c99
MD5 hash:
df65d294fe3ca49efc95270878be44d7
SHA1 hash:
3a5979a9f64f1293255c57c314528d51653be28f
Link:
https://www.unpac.me/results/8cb9b155-13b3-47c4-a641-d9e9dd0ebbce/
SH256 hash:
d077b3075b08a6f6ae384794e0ddd8c6e509a029440ec56f1669288730e70898
MD5 hash:
cd97907dfa59649f4a1b346c4e4b8243
SHA1 hash:
470af611c44e77b16e7327816a08141ae6f3d9bc
Link:
https://www.unpac.me/results/8cb9b155-13b3-47c4-a641-d9e9dd0ebbce/
Malware family:
AgentTesla.v3
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/d077b3075b08/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.68
Link:
https://yomi.yoroi.company/submissions/d077b3075b08a6f6ae384794e0ddd8c6e509a029440ec56f1669288730e70898

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe d077b3075b08a6f6ae384794e0ddd8c6e509a029440ec56f1669288730e70898

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2447546/
Cape
Cape
https://www.capesandbox.com/analysis/343487/

Comments


Avatar
zbet commented on 2022-12-06 14:15:28 UTC

url : hxxp://lutanedukasi.co.id/wp-includes/shenaka.exe