MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e28ed19326e3b7a86441b0e66f286e70fa1f9cf0131d5821e303d4ea6225fe06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 7

SHA256 hash: e28ed19326e3b7a86441b0e66f286e70fa1f9cf0131d5821e303d4ea6225fe06
SHA3-384 hash: 724c750eff100f9109b50a4d29638dd44af02447e2adae9d94140070f0bfa6b732dc2d356ecde12587338ef2dfa7a21e
SHA1 hash: 226bff0ac82db67af62af84f317ae7661166a87d
MD5 hash: 05a4b216e1bd90db4d06e5a24868b350
humanhash: white-colorado-zebra-idaho
File name: e28ed19326e3b7a86441b0e66f286e70fa1f9cf0131d5821e303d4ea6225fe06
Signature: AgentTesla
File size: 848'896 bytes
First seen: 2020-11-13 15:34:53 UTC
Last seen: 2024-07-24 22:22:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'752 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep: 12288:dVl3vZf9MdROzj/VEYEji9AC8oNJBxqEU/EKsi65B9FCQWGCnLHgnjvCpVip3y/:nxwdROXVEYyiOSNja3SC9TUDCQi/
Threatray: 1'231 similar samples on MalwareBazaar
TLSH: 01059D112A98AB28F17E873BC464582097FAEC43DB66D96E7DF034CC9571FE18622707
Reporter: seifreed
Tags: AgentTesla

Intelligence

File Origin
# of uploads: 2
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Unauthorized injection to a recently created process
Creating a file
Launching a process

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-11-13 15:38:12 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE

Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekSHen
Description: AgentTeslaV3 infostealer payload

Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments