MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1eb54cb3aa9ba1fc585cf676c4a814b11786b962da1b1959768794d281084ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d1eb54cb3aa9ba1fc585cf676c4a814b11786b962da1b1959768794d281084ab
SHA3-384 hash: e2f527b7b24d3dc72831494486d3604b4a056745e8f90d7f9f3e28db1f0e7bca24d7334d24f6aefe28ebfcde5f675a9d
SHA1 hash: 419b3bd758d1226b25e54b1bbfc679b5ede0c56b
MD5 hash: ca34ecc57bbde323ee50484654a0964b
humanhash: moon-alpha-eighteen-tennis
File name:SecuriteInfo.com.BScope.Trojan.Fuerboos.2678
Download: download sample
Signature AgentTesla
Create hunting rule
File size:3'526'656 bytes
First seen:2020-05-21 16:48:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4328f7206db519cd4e82283211d98e83 (533 x RedLineStealer, 18 x Arechclient2, 15 x DCRat)
ssdeep 49152:AZ2AcZx889fvdijRf3d786Zb2u2dGioDCWhHGt8o0E2:ALcZx39f4jBN3b52dGioDCWFGt8o4
Threatray 53 similar samples on MalwareBazaar
TLSH 83F5C662261A6D9BE1D88CF4A4CAD83FE7BC42536111B9139C5D683DF582E40FB8C5CB
Reporter SecuriteInfoCom
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4917/
Detection(s):
SecuriteInfo.com.BScope.Trojan.Fuerboos.2678.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Reline
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 17:35:30 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
AgentTesla
484ff6267219f9eb4794c1f20aaa9562a459e0d1a787743592b1532eda3be541
AgentTesla
4e14841c96a09f5850d1cf5fcb3526714c22d7174e3f75c8a309d8db36ecef93
AgentTesla
5b113b08d25005c3195b8144e422bdd1a2f866fc3cf9d6bc641f006539e97e07
AgentTesla
8ad873e8543935a9cc12317f90676019801257de4b0845414a7df058e03d6d7f
AgentTesla
99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
AgentTesla
9fdf001f730abe9e97454ce266d79326fb6e7c02fa6f3c16a7bbf5485ef674c4
AgentTesla
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
AgentTesla
c4d2bbc3c3b3adae600631e9ab22124ce0b92588af7fabe69183469e0644cd4b
AgentTesla
f0e91f423775ca9ba80077774a4de1a212e890d285bdb587b003d57ba0f68b1c
AgentTesla
+ 43 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/201109-brkn3lne2a/
Behaviour
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Checks BIOS information in registry
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe d1eb54cb3aa9ba1fc585cf676c4a814b11786b962da1b1959768794d281084ab

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/366197/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/4917/

Comments