MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4ce64cdc542c8733eb5b0445875887874d467ee1f13ef1a2bd6e7d568d3f97d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	d4ce64cdc542c8733eb5b0445875887874d467ee1f13ef1a2bd6e7d568d3f97d
SHA3-384 hash:	b3f88c4696173c811af0aa3a11802343ab9f4fa40ca29537d783dd7a28a221030ba71a30aee231e314be3ef6fde5f77e
SHA1 hash:	707de83dc87de02ea7f3addaa835a6d25462d6ec
MD5 hash:	4aa06983aa6fe8be033ca7a67ca04b0d
humanhash:	mobile-ohio-spaghetti-virginia
File name:	New Order.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	521'216 bytes
First seen:	2020-08-18 10:53:42 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a9faaf32646a3afd481c4ac664821756 (4 x AgentTesla, 1 x AZORult, 1 x FormBook)
ssdeep	12288:y+b5Gq5Q6xE10R7ZgRrMQMwb5p4BBlWwJO5R6Co6ISxe98w:db5GP8d6rRMw9pa5JWRy6+8
Threatray	9'418 similar samples on MalwareBazaar
TLSH	98B4E025B950C480E5800238B50EDF69B33DBC3D5A65864E3BD57BA73EB249D9026FCB
Reporter	abuse_ch
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

68

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/47687/

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a file

Running batch commands

Launching a process

Sending a UDP request

Creating a window

Using the Windows Management Instrumentation requests

Reading critical registry keys

Stealing user critical data

Unauthorized injection to a system process

Enabling autorun by creating a file

Detection:

agenttesla

Link:

https://mwdb.cert.pl/sample/d4ce64cdc542c8733eb5b0445875887874d467ee1f13ef1a2bd6e7d568d3f97d/

Threat name:

Win32.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-08-18 10:55:05 UTC

AV detection:

25 of 26 (96.15%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2thgjtofilehgpvvwbcfq5mipb2niz7od4j66grl23t5k2gt7f6q._file

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

2b5d96d018098da5990f2d6d721ab925efd4422c13cccf031775b6fddd5f801e

464e7363198201699fa0503be713d1776fb07eefc63830cd08494f26ec93ba8b

50d83791145d6b09c47fc90279d568bff571181c97d9dad9ab63c3e9c9b935af

574f46006cfd1caa512756f6a27e6ce2140124d77f1a979c2c12d0d63652cd5c

5b9992f4588e6337ada6ed55a1f39fe4a229f31070a04df1c32d18e3c1b0a0b7

66178c5a45af58b7b0710d3867d501cbef090c10817fd1ebf5555477c2c32098

6fefda6e593a6be7de5636905b89eef16e82b904e95bf88245ee067b84cebbed

8433ac6d87185d65251a833f4f37ac4095395d2751da1ff95e8d9d4e53656480

cac726f6b0bcb60af61033a9a59ae886ee7466f65e20185cd44be43c80386e7d

d3dc0fad4580b2c3d0f5bfe27fd99d66b20f2a2c65c219218f9e6628a9df5d2b

+ 9'408 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

keylogger stealer spyware trojan family:agenttesla

Link:

https://tria.ge/reports/200818-mndgtj9fw6/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe d4ce64cdc542c8733eb5b0445875887874d467ee1f13ef1a2bd6e7d568d3f97d

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/47687/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample