MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e64ea8304be5107ffc6268d99e1e9d0df0b62ffbce75f56278df9d052a996966. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e64ea8304be5107ffc6268d99e1e9d0df0b62ffbce75f56278df9d052a996966
SHA3-384 hash: 23ee4c742e0f23e54fe088576eb65d6b98d7ace86bea778986ba826b56eb1a427aad7dc0a1a2cdeb49ff4ff4cee20a67
SHA1 hash: fff887589738d8938e3f3ac6e15249868a60912a
MD5 hash: 67a819b5e19ed9246ad1846ca8949444
humanhash: washington-enemy-sad-march
File name:67a819b5e19ed9246ad1846ca8949444
Download: download sample
Signature AgentTesla
Create hunting rule
File size:805'376 bytes
First seen:2021-07-20 10:21:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:P230nJDB0iiU3Y17ctGIhNPpNOvjTdwIDTS5tNoQXhBqRWoMQv8FTwxpi8Knaw:DnJyiiU7NPDkvXSl12LTvOTYKnj
Threatray 7'072 similar samples on MalwareBazaar
TLSH T1AA05D07343550AEBE2B850B990112101A2F9828AB2D3FB763DC51AD870F5FADD3F751A
Reporter zbetcheckin
Tags:32 AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
132
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
RFQ- ROTO Fittings- 19072021.doc
Verdict:
Malicious activity
Analysis date:
2021-07-20 08:56:08 UTC
Tags:
exploit CVE-2017-11882
Link:
https://app.any.run/tasks/5712b02c-feee-48ce-babd-1682bdda664c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/172774/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/167ba809-657c-42f7-ab79-dc1e7548f788
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/818829
Signature
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/e64ea8304be5107ffc6268d99e1e9d0df0b62ffbce75f56278df9d052a996966/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-20 10:21:06 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
37460f8b64f82c8e240b3ded6f2858fb5fdd6dcafb9446883d32f6fbac72cd1a
AgentTesla
87f457ba8f4862675443b38afcfd286f9294df03e36c5903ff680e095653c5f8
AgentTesla
8fcd181aee4fcb60aa5769acde96e8154ad99c054b10d195163116df1fb3f8e1
AgentTesla
9b861d5c1057588b79c265ddc4008887a65c817a9db181a19d617721077613d4
AgentTesla
ab60d5b65256f7c5b8d4ad51b42e3f4aeb6debcb51aa623923783c8287b991bc
AgentTesla
b61ce2ba6202961ae774cdc021d9e33737a0d75072d230ad93b9247dccbdf303
AgentTesla
b69c6670b90d4fd6f6100614e54fe4a357fd6e8cab84c9428e0d1d8715243ff7
AgentTesla
bc5d82859d4b7c567fa029977042a8e6629a2d1b3afa92b6f52a33d3006a068b
AgentTesla
e07335516ed23d5b7613c88001a44158c352aa5f15824aca61cec87200eaf2e5
AgentTesla
+ 7'062 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210720-ltlvzlxh5a/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
38ec7a5934fbe3faba575b3f6116a7c9c0145dc1dc131083df530c7a3c2ae4ad
MD5 hash:
f561bd80a1629b3f62c8819e0649fc00
SHA1 hash:
f490fb83c218f13c019b980d2572d053036043d0
Link:
https://www.unpac.me/results/63f466f0-653b-48a4-85a6-b9f343e5fd54/
SH256 hash:
82a4065578bf324c5a382d4e43510bfe37dc2d4accaa25792aecea77c7387714
MD5 hash:
ecff0ff8f308ad9a7ab4e8d8c6632f1f
SHA1 hash:
b2149cd8ad0767e9ee467d85f7f5d97494ecb07a
Link:
https://www.unpac.me/results/63f466f0-653b-48a4-85a6-b9f343e5fd54/
SH256 hash:
098dd552c23d32df2ed5ea1f059904a21771a02a1c497f254fab9d14d585f2fe
MD5 hash:
56faa527d6851b43499bb62cef52cc36
SHA1 hash:
7c8cd69633a7d8e239cd33f0abd6aebb5c49dafb
Link:
https://www.unpac.me/results/63f466f0-653b-48a4-85a6-b9f343e5fd54/
SH256 hash:
557e595591b2449ce1683710618393157c247e3f90fcb926e2a81738ea1ce74a
MD5 hash:
4a75ee44de95d3a35f96e0deeb5a0b92
SHA1 hash:
1b8e203271037de63d4f848e003df5f165e5b878
Link:
https://www.unpac.me/results/63f466f0-653b-48a4-85a6-b9f343e5fd54/
SH256 hash:
e64ea8304be5107ffc6268d99e1e9d0df0b62ffbce75f56278df9d052a996966
MD5 hash:
67a819b5e19ed9246ad1846ca8949444
SHA1 hash:
fff887589738d8938e3f3ac6e15249868a60912a
Link:
https://www.unpac.me/results/63f466f0-653b-48a4-85a6-b9f343e5fd54/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/e64ea8304be5107ffc6268d99e1e9d0df0b62ffbce75f56278df9d052a996966

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe e64ea8304be5107ffc6268d99e1e9d0df0b62ffbce75f56278df9d052a996966

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1468143/
Cape
Cape
https://www.capesandbox.com/analysis/172774/

Comments


Avatar
zbet commented on 2021-07-20 10:21:01 UTC

url : hxxp://maritradeshipplng.com/wayss/father.exe