MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 d8f76c967bb63224cb646cb16ec37c2897ea87a9104c5e6ee115019877d02a86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
AgentTesla
Vendor detections: 12
| SHA256 hash: | d8f76c967bb63224cb646cb16ec37c2897ea87a9104c5e6ee115019877d02a86 |
|---|---|
| SHA3-384 hash: | 07462f804023d97a4757d60fe23d48a70bb6b707a1a29eef59a4e3438f41e0545a1fb99e6b4a2107a03d94331d3c1721 |
| SHA1 hash: | bcf776754e4bacd50cdff6d8454a85e4ecb45e33 |
| MD5 hash: | c4d59bc2e7791a198c325098e9242336 |
| humanhash: | autumn-minnesota-enemy-iowa |
| File name: | รายละเอียด.exe |
| Download: | download sample |
| Signature | AgentTesla |
| File size: | 663'552 bytes |
| First seen: | 2023-12-22 06:55:51 UTC |
| Last seen: | 2023-12-22 08:18:17 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'660 x AgentTesla, 19'470 x Formbook, 12'208 x SnakeKeylogger) |
| ssdeep | 12288:MK4momWOHSOqJJ/ZAiRphRkbsKjOURX/Urt7+a7jwcMMvLcIzuLy+:6b/BP2ilRk4wj/cxjKOzuLy+ |
| TLSH | T16FE42254B7BA5553EDAF0AFA9963151187BD21232A22DBDA0DC220DF0CE0B61D7407EF |
| TrID | 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10523/12/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4505/5/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9) |
| File icon (PE): |  |
| dhash icon | 0060796969697000 (8 x AgentTesla, 6 x Formbook) |
| Reporter |  abuse_ch |
| Tags: | AgentTesla exe |
Intelligence
File Origin
# of uploads :
2
# of downloads :
277
Origin country :
NLVendor Threat Intelligence
Detection(s):
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Verdict:
Malicious
Result
Threat name:
AgentTesla
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Score:
100%
Verdict:
Malware
File Type:
PE
Detection:
agenttesla
Threat name:
Win32.Trojan.Generic
Status:
Malicious
First seen:
2023-12-22 02:36:54 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
19 of 37 (51.35%)
Threat level:
2/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
agenttesla_v4
agenttesla
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
20f1680a43917237e1b10ce52abc600f3e75b13225a119498bb74ddd77f5f6fd
MD5 hash:
7a2c3bc8fecf18e55709e564671cc7ad
SHA1 hash:
af3d0eccf1aa788ec70bf5c91a86f41557089e68
Detections:
AgentTesla
win_agent_tesla_g2
INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients
Agenttesla_type2
INDICATOR_SUSPICIOUS_Binary_References_Browsers
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
INDICATOR_EXE_Packed_GEN01
INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Parent samples :
d02530a2bac21b47a1ecaafc185ddb11680c9a90d0fcb2c52b7b081b952f1cd2
ceb6f399a046b0e60f5c9f3eca3fb08dc49989350d2fc2cd1079aa3dc79b31b9
d8f76c967bb63224cb646cb16ec37c2897ea87a9104c5e6ee115019877d02a86
c177812f5ee5c7643659dba85dcdb7d86134d2a437a8c7934c9b63eb3a5b4530
fcaff63b58fa89a2682cf2f21485df3cd0e37a424aa947fd05106a00b1e8f95f
ceb6f399a046b0e60f5c9f3eca3fb08dc49989350d2fc2cd1079aa3dc79b31b9
d8f76c967bb63224cb646cb16ec37c2897ea87a9104c5e6ee115019877d02a86
c177812f5ee5c7643659dba85dcdb7d86134d2a437a8c7934c9b63eb3a5b4530
fcaff63b58fa89a2682cf2f21485df3cd0e37a424aa947fd05106a00b1e8f95f
SH256 hash:
2d7476d18db0b21c7c69727a12e01ac88c03d44abbb008375f2d0caec6bda21c
MD5 hash:
cf0e0ce4234aab87388b37e2da8ae68e
SHA1 hash:
8881b0a7c205902c683aadafbb15da48efba515a
SH256 hash:
1b2da92af4f302d4bf71e3b6057ae6a116ef04aee16596d014a68b7d8c9d41bf
MD5 hash:
48bba01e1602fb865a9afba1d82b66ee
SHA1 hash:
56cc82e991c01ffb2996423a2d51586169adc59e
SH256 hash:
85e575c8b432b0a3e41731b7dd26d4755b0cc7e7a0370a4e0c55405ad43d66b2
MD5 hash:
7de26cf980696b977a1e4772b2a21f6c
SHA1 hash:
21c2ab3b0bf254ff77ec3b52e02488b2b66a4dce
SH256 hash:
d8f76c967bb63224cb646cb16ec37c2897ea87a9104c5e6ee115019877d02a86
MD5 hash:
c4d59bc2e7791a198c325098e9242336
SHA1 hash:
bcf776754e4bacd50cdff6d8454a85e4ecb45e33
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.