MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d873f30f48805a3dbab8c976665c26fc9c661e23f3b82f143fdd7346268b595a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d873f30f48805a3dbab8c976665c26fc9c661e23f3b82f143fdd7346268b595a
SHA3-384 hash: 8fa105c5ea0bab0bd49715141225008bf67948cbc4a6e31ef2bb92dabc22b35826d389c62a51a8dcb4d2deb12ec26e58
SHA1 hash: cf931cc095810a6efa2017176d2e7b9613fc89b3
MD5 hash: b7ea40ee19fb8e18cee2309060b89572
humanhash: wisconsin-high-quiet-lima
File name:d873f30f48805a3dbab8c976665c26fc9c661e23f3b82f143fdd7346268b595a
Download: download sample
Signature AgentTesla
Create hunting rule
File size:522'240 bytes
First seen:2020-06-17 09:19:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 720f62ecaae027b5c3ec6686644322e9 (12 x njrat, 8 x RevengeRAT, 4 x AgentTesla)
ssdeep 12288:nzeVQkTrvj4uVIVm3w02hh3YXJxeMRQNSdKIO220tvR0XQl5VD00S:nWQkTf4uVI03H1xRWSdXOT0DawD07
Threatray 144 similar samples on MalwareBazaar
TLSH 2DB401186090C377C567413588F5CA709B7A707857AE99E3B3AD3FB5AE212D4A72C2CC
Reporter JAMESWT_WT
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19319/
Detection(s):
Win.Packed.Bw1eij-7171767-0
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Win.Trojan.940648-1
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 03:01:00 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
31 of 31 (100.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0f88360504d8d31ba8c9313f9237e0e0e65cce7670291fd948db57a8a21eb5df
AgentTesla
1ff495dacc5d548ac9899ec1622b0408b9948ac485f0f7d782d2a3cabe94e2b8
AgentTesla
349c6730ddc5b8a6969dadbda237829f6cf52f57101ecb03adbb4024df5da299
AgentTesla
43a0c2443d1a63d4cc498bae9d459590b37379d5dd57a625545fa484a99d3fb6
AgentTesla
46ea1705549840fd45e067930511c81a0b8979698f98e4b170b9a93b27a6ed0a
AgentTesla
647fee1c3bc734439133bd78fe6519ad349501ac7a83e179601950f97fe96e1f
AgentTesla
a9e51c077a3cb18a4fbb72e9a01bdbbeac7f78da7eb0462a6c191f5956ae83a1
AgentTesla
b8fbf85d1eab97ed168f99eb07d13294594675a051c2056b5374630d81fd974d
AgentTesla
e939047540fd58d605f6e259e9be2e2370f51e79246b34c2d01acc94cb19b4dc
AgentTesla
fffef10b9e3db99c874f8b9dd3bb8bd7adaf829b75d4e6f28ebacd5755b633d7
AgentTesla
+ 134 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-ljzpc2j4s2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_blackremote_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19319/

Comments