MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3c877f259a5ba3561d98819151b118f45847cad743c4c1a32fa1118f232d990. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3c877f259a5ba3561d98819151b118f45847cad743c4c1a32fa1118f232d990
SHA3-384 hash: 0b16d37f5f5055e711f8b6938abb202bfa96e2ed0a2c2d85eda1866fccff8087d45202fa9fb6197763ac209ffba59b39
SHA1 hash: b18d1642ee61aa30d7cc9416e3f6f65e926d83cb
MD5 hash: 32b8dcf48bdbcdf5106e7dd29e60c6d1
humanhash: texas-river-autumn-fix
File name:NEW_ORDE.EXE
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'105'920 bytes
First seen:2020-12-21 14:01:45 UTC
Last seen:2020-12-22 05:57:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:BK58D/F08Sxye5wmIs7WqcCUA13go7BcIhGRgkbV3u86WkwyoTbtNRI+3QSin7MR:DYpJVcego7BcIAgk6oTbtNUj7SzwI
Threatray 10 similar samples on MalwareBazaar
TLSH 9135AE3429ED561AF177AF764AD074959EEEFE722703D41D289033CA0633F40DDA262A
Reporter cocaman
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
129
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
NEW_ORDE.EXE
Verdict:
Suspicious activity
Analysis date:
2020-12-21 14:04:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a98cc7da-b006-4379-afde-46126389680c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.482.16696.32284.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/567395
Signature
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e3c877f259a5ba3561d98819151b118f45847cad743c4c1a32fa1118f232d990/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2020-12-21 14:02:09 UTC
File Type:
PE (.Net Exe)
Extracted files:
15
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4pehp4szuw5dkyozramrkgyrr5cyi7fnoq6eygrs7iirr4rs3gia._file
Verdict:
unknown
Similar samples:
19006e1934a36332207bb746cdfad53e5264682ed947d4f6c99debecefe12f99
AgentTesla
22e8a783296dcabf49cb2c9b5f5a05b1cf670591e71130b08424a450aa54c419
AgentTesla
2ff93944081c104e8175f5209255c50e92d65f8a3e35fbf01c5f6f46237575af
AgentTesla
38025fc17a575c25042524cf59381b44c8256b673d2a754418e579139b6ba893
AgentTesla
52a8719e0795679e8336c841ddc5f6b0a74b5e423c4b71fe0db3ddbfbc3f7e7a
AgentTesla
85e4cc92a86a9824dfcf30f84f6ffb9314f3322cce17026171c422b98c200a71
AgentTesla
8a21b943ea85a94fb89a4222be1b22222b71447cc16fe9b1ef58957029210a8f
AgentTesla
8de3d12f5661c36ae89e13085dc5d4c6db3000e434f960eb80adece4aaae8219
AgentTesla
c65f59e46bf3f95dd36355588b2b1661ac61878e1ce97364ff2c9bc9e5392e03
AgentTesla
cecc7bc9b39a859e18945a6c8528af86b9d74a20ca74cd629ef03afdc6ab08a4
AgentTesla
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201221-5ryf1dye46/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
e3c877f259a5ba3561d98819151b118f45847cad743c4c1a32fa1118f232d990
MD5 hash:
32b8dcf48bdbcdf5106e7dd29e60c6d1
SHA1 hash:
b18d1642ee61aa30d7cc9416e3f6f65e926d83cb
Link:
https://www.unpac.me/results/df998a7e-40e6-4634-914b-e95bac3d0fa3/
SH256 hash:
55abf08a6a6ab7c7848a2bc0410d84befe6dcfa118336e2e4f1ee456a8009efc
MD5 hash:
6ce9761c3c3ae715d40a77b982d31dc9
SHA1 hash:
42a5a02eabe7d80d79408549e7686d4e44524361
Link:
https://www.unpac.me/results/df998a7e-40e6-4634-914b-e95bac3d0fa3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/e3c877f259a5ba3561d98819151b118f45847cad743c4c1a32fa1118f232d990

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 80602ea2247cf27efde7e634ece3daafaf565d4c0539d0e5dd059f8c369fe28b

AgentTesla

Executable exe e3c877f259a5ba3561d98819151b118f45847cad743c4c1a32fa1118f232d990

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 80602ea2247cf27efde7e634ece3daafaf565d4c0539d0e5dd059f8c369fe28b

Comments