MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6a75088ee8293c02df25db896d753b7fb9e769c7301805b15082d7568ff73c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 8



SHA256 hash: d6a75088ee8293c02df25db896d753b7fb9e769c7301805b15082d7568ff73c3
SHA3-384 hash: fc3ab1d8cd121be28d72d12ee1c4df16a8902c0d20ef4f90729a0b2b2ac93658984a3519b22e4ba4e2d5c79501e76325
SHA1 hash: 0fd9e65a5ffad01cad5676a4aa2548efb44c9c93
MD5 hash: 6a1b8dfaf5a9326aae4498011ae3e734
humanhash: music-november-chicken-illinois
File name: BOL.exe
Signature: AgentTesla
File size: 522'552 bytes
First seen: 2020-09-25 05:25:59 UTC
Last seen: 2020-09-25 05:37:25 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep: 6144:VOnJca2zaKjy2SlsHUWDvVSH8CEXxxeeeYUIaOjgK3smoT/0KEXT5oTVuOHj9q:VqiqKjFSlOUaSbEBxeeDUIg8p
Threatray: 167 similar samples on MalwareBazaar
TLSH: E5B46B5C21838A66EF2EF239C120C0795D25266527E0FF39B7FD4B3AD91414BB22652F
Reporter: cocaman
Tags: AgentTesla exe

Code Signing Certificate

Organisation: Symantec Time Stamping Services CA - G2
Issuer: Thawte Timestamping CA
Algorithm: sha1WithRSAEncryption
Valid from: Dec 21 00:00:00 2012 GMT
Valid to: Dec 30 23:59:59 2020 GMT
Serial number: 7E93EBFB7CC64E59EA4B9A77D406FC3B
Intelligence: 85 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: 0625FEE1A80D7B897A9712249C2F55FF391D6661DBD8B87F9BE6F252D88CED95
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 3
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Sending a UDP request
Creating a window
Creating a file in the %temp% subdirectories
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Result
Threat name: AgentTesla
Detection: malicious
Classification: troj.spyw.evad
Score: 92 / 100
Signature
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Contains functionality to register a low level keyboard hook
Injects a PE file into a foreign processes
Installs a global keyboard hook
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect virtualization through RDTSC time measurements
Yara detected AgentTesla
Behaviour: Behavior Graph (image)
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-09-25 00:53:28 UTC
File Type: PE (.Net Exe)
Extracted files: 20
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: agenttesla
Score: 10/10
Tags: spyware keylogger trojan stealer family:agenttesla
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Loads dropped DLL
Reads data files stored by FTP clients
AgentTesla
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: AgentTesla
Executable exe d6a75088ee8293c02df25db896d753b7fb9e769c7301805b15082d7568ff73c3 (this sample)

Comments