MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5b11657c8bcb70e2f3f041ad8b18e7e1b425f35da31110bcd1ddb4c9d8713b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d5b11657c8bcb70e2f3f041ad8b18e7e1b425f35da31110bcd1ddb4c9d8713b3
SHA3-384 hash: 2d4517fa955c2f8d8c43afb1415c745b03744233133e59098e1d3cc8f06580a2611b22743f3ca00238fe6b686b9fd09b
SHA1 hash: 450ad791c27df67188c2aa0a13dd61c12efca933
MD5 hash: c82b16e748441732c3314f743276963b
humanhash: uranus-nebraska-seven-yellow
File name:A.Al-Khoory QUOTE_78621.exe
Download: download sample
File size:854'528 bytes
First seen:2020-06-15 20:08:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:3VDaKQzEpr3m9dLRn+XLR5VQvgf/94MPZDrFjI1wZRmXwU:l/7pradLtuL1hf/jFjzmXw
Threatray 401 similar samples on MalwareBazaar
TLSH DB059ED1F389ADF6D81A03B58C76DB152067FF585AB1821E255DB01A6DB338330E2DCA
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
163
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/8258/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34016426.19424.29719.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 17:21:25 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2wyrmv6ixs3q4lz7aqnnrmmopynuexzv3iyrcc6ndxnuzhmhcozq._file
Verdict:
malicious
Similar samples:
02fafe7d00909727bb91670774f201dc8ed5122c7c0c6c25c2c8b227b6a77df4
3f8c2a8d34d7d3f61451ea1beb9d9671cc50aa2cbe39d700a08d0215b8b7163b
6a812ee04fdb54b0576e2e51bb705d2a7f2d14f86601f718385087310a3df257
7039c80d82fdcfed16711652027522d8a99a311be6a1ceed3c25776a495968de
7758c91a218460dfc6cc95e5c106c50431cdd6cad667b4e8c98bee960ff06b3a
addd02b5623bb29f4cb564b9c228184123a33a94e8308a28c8e74be662e120b3
b04d6c5e4e1759d306dbec63b416be318058ff1698e8ff4b022bad89c7636e29
d97d1614a199d784c0697ff01eff3e4d195dd07e65879a59b3b805d2088ad8a9
debcd0af0a58eb42e8547392527d9daf5993826d3b53f795369d712c48ac2b12
e86863fab85a50441e0e576550d74ef97d8a3e82085ead6e5fae22930de1866c
+ 391 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201109-49hzaayyk6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Uses the VBS compiler for execution
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/8258/

Comments