MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e06b601b5ac1eee8ffc24b9948691727b1802087a72039aee20c61d5239e0cbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e06b601b5ac1eee8ffc24b9948691727b1802087a72039aee20c61d5239e0cbe
SHA3-384 hash: 5f23f2f232d5c80183bf65d4ad25cec946f084c37145f771a23377bec1f1d6d335470c303b7c71d42d0c675d316d9266
SHA1 hash: 06ffa4a022df1e39db232fae5c1b514754c31246
MD5 hash: d1f4b8a9499a3273414be554a17b019e
humanhash: july-zebra-massachusetts-golf
File name:d1f4b8a9499a3273414be554a17b019e
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'621'680 bytes
First seen:2020-11-17 14:08:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'749 x AgentTesla, 19'653 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 12288:zJiDgvQ3vllOTAw5vA+VifcWsiw2pNQo9B83HatAa/Z/9EvaniY/+mzcP3qqdsU7:6+n15T
Threatray 1'332 similar samples on MalwareBazaar
TLSH 4075576AF03D285D6E9926E6ED1062ED01DBFD34BCA6910FBC5942C24C40AD49EF0DF9
Reporter seifreed
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Adding an access-denied ACE
Creating a window
Creating a file
Using the Windows Management Instrumentation requests
Creating a file in the %AppData% subdirectories
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e06b601b5ac1eee8ffc24b9948691727b1802087a72039aee20c61d5239e0cbe/
Threat name:
ByteCode-MSIL.Infostealer.DarkStealer
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 12:02:16 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4bvwag22yhxor76cjomuq2ixe6yyaiehu4qdtlxcbrq5ki46bs7a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
13207816457e33a0430e6da6d1ab86d9797f9c2895a7491c142b5b8bfee3bb0d
AgentTesla
18f1f0cd31212210131834c74f816f2c7fa78f50019257f714b616dbcb2e2320
AgentTesla
1d03a240bf6a1fc9d168fb662efefc36c878fc2c04ac07b9cd5673111702c252
AgentTesla
44cfa0be06349620b796b631d727ef0997c05097ec3cc72e0f83aed765b6c630
AgentTesla
520aa25dc0181ce1a1cede20f837c4038dcd348d060d963d9c7ffbb82307f25d
AgentTesla
55fd8bb519c78905b5b22b842cafc7e6582f567b48848180077a7c3c3a7dec9f
AgentTesla
93e18a89da6b3d7820476ce5f5feb50e384eac4753d6f91c8c31a5d6690f621b
AgentTesla
d5337707a2df26f67761dd1bcca0662ddacd4fe3a6f4ba6781aafd6d4b9f3b0e
AgentTesla
e1cfca7448e28054c1e1ef3ca5ea11921d46f85c75729310d6d4f01c955a607e
AgentTesla
fb1c77156c32d3643f2b21550110a48c3bbf869d2f0aa099b7400646e1fcaeb5
AgentTesla
+ 1'322 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/201117-sq6c9y3k26/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SH256 hash:
e06b601b5ac1eee8ffc24b9948691727b1802087a72039aee20c61d5239e0cbe
MD5 hash:
d1f4b8a9499a3273414be554a17b019e
SHA1 hash:
06ffa4a022df1e39db232fae5c1b514754c31246
Link:
https://www.unpac.me/results/596a2cd0-7384-4d1b-bd6f-9e419f594d47/
SH256 hash:
d991a7e2043ce10c079fd4adaa82a225eca0edbe8f4e3cca7fb05a03fa0f5315
MD5 hash:
e1590d74364d4c18cf0f5203a4f91580
SHA1 hash:
48c0201cb57a51e79225dab844be2ad482d2a64c
Link:
https://www.unpac.me/results/596a2cd0-7384-4d1b-bd6f-9e419f594d47/
SH256 hash:
12ab1a3fa5bae32691e3f8f2eef768f817be2614aeae98ff8e65e594644aeec3
MD5 hash:
7dc79471f0235279e0a0e2c761590d50
SHA1 hash:
b3304e65617ae1b490d1c2ee444845efbaf5292c
Link:
https://www.unpac.me/results/596a2cd0-7384-4d1b-bd6f-9e419f594d47/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_AgentTesla_20200929
Create hunting rule
Author:abuse.ch
Description:Detects AgentTesla PE
Rule name:MALWARE_Win_AgentTeslaV3
Create hunting rule
Author:ditekshen
Description:AgentTeslaV3 infostealer payload
Rule name:win_agent_tesla_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments