MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5a2e34a8816a75fe9d6cd9b9035040ea5777429dc7eeebc0ebb7f8a4d897495. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: d5a2e34a8816a75fe9d6cd9b9035040ea5777429dc7eeebc0ebb7f8a4d897495
SHA3-384 hash: 9f16877ffba4c6b88550eb61ebca62bdc15236e034cbbe72e529755824adec9d5bbad3e6d85caaa797eb373e0b4f5714
SHA1 hash: 524fd72b7d1d73c3f227d2d4f8aa71707dae6cd1
MD5 hash: 9f60da024f7d8466407d9c4400216b88
humanhash: red-single-magazine-ink
File name: 9f60da024f7d8466407d9c4400216b88
Signature: AgentTesla
File size: 941'056 bytes
First seen: 2020-11-17 12:19:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'454 x Formbook, 12'202 x SnakeKeylogger)
ssdeep: 24576:T9W+p0hVB+6DbM8ckiziIt7lLOyEr/pg:J1p0tDXckYthL7E
Threatray: 1'398 similar samples on MalwareBazaar
TLSH: 9C15BE502B00AB1AF0BD83BA95C45C1AE3F8EC47D317CA657CAD39DD55D0F62EA20A53
Reporter: seifreed
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-11 09:02:41 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE
Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekshen
Description: AgentTeslaV3 infostealer payload
Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments