MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7adb9ddc612bc2bbc52cc809b0a7b90c6f28f0b9df4fa767dccdab4d1d91c50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7adb9ddc612bc2bbc52cc809b0a7b90c6f28f0b9df4fa767dccdab4d1d91c50
SHA3-384 hash: bf2082ee9aa40b4cabaa511d009e46884c489bbb8ce6475711376a6e7d6481c38247f30ccccff3df62f53c9d0f702dd9
SHA1 hash: c6e6990439ca7e3f4afa8ceb314069d076a3c568
MD5 hash: a8d603ac6b8619693fef95d4546bd0cc
humanhash: july-table-golf-nine
File name:SecuriteInfo.com.BackDoor.SpyBotNET.25.11232.8359
Download: download sample
Signature AgentTesla
Create hunting rule
File size:314'880 bytes
First seen:2020-09-26 18:34:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'638 x Formbook, 12'244 x SnakeKeylogger)
ssdeep 6144:UVn8Y/2+3x5spUN1yY0zyZIRkEwjuQv1RuafHP0YQkQ:U58WhWmNEYOyekEwjuQ9ggH/Q
Threatray 122 similar samples on MalwareBazaar
TLSH D364BF71ADDB0978F76B0B7680A5C4C2B1752EB63A92B70D3335A338CE2176B535118B
Reporter SecuriteInfoCom
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Ispy
Create hunting rule
Link:
https://www.capesandbox.com/analysis/66135/
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.25.11232.8359.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Sending a UDP request
Creating a file
Creating a process from a recently created file
Using the Windows Management Instrumentation requests
Reading critical registry keys
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Stealing user critical data
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/475880
Signature
.NET source code contains very large array initializations
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7adb9ddc612bc2bbc52cc809b0a7b90c6f28f0b9df4fa767dccdab4d1d91c50/
Threat name:
ByteCode-MSIL.Hacktool.Mimikatz
Create hunting rule
Status:
Malicious
First seen:
2020-09-26 06:49:35 UTC
AV detection:
23 of 28 (82.14%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=46w3txogck6cxpcszsajwct3sddpfdyltx2pu5t5ztnljuozdria._file
Verdict:
unknown
Similar samples:
0442367788ead3ccf0c9a36805053be48c332ab656f51667f4c08cbbfa3f3ac0
AgentTesla
0e7ba6c8acc0e3de5a31e050eb287daba683c992e12c4715730ef3ccf3bbf575
AgentTesla
80f341333728513fea45dc07c8582e5a8c3ac630de39b53ef23d1742ddc0f5d2
AgentTesla
84e0b5e6daeb11cdca531a22315506ee74a14bd6b0ae9c563fde694aa955867a
AgentTesla
8c6c41d8e0f478b1be11b938bf83066e8cf7a8b294c18c91e0b2570f464bc6d2
AgentTesla
b1c87bb82c46e28ccb5188475def1c24b3239f0508372163cd75d2abc6eaf049
AgentTesla
be732f090df2d1d81a25d0b42d6be124db61f3854fffc5f42c2294d80a83bd95
AgentTesla
c62ef08103c30d5d2d18fbc2eff820985af40aa377828ef72c3ecad495103511
AgentTesla
e548234adb2b484793484466ef99084bb77854de66782af91e38420a198b4f83
AgentTesla
f6dc39be69fcb6613defba0c9d8428d71c2a02b118383d4a49a66c6139e690fd
AgentTesla
+ 112 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware
Link:
https://tria.ge/reports/200926-w9mmjeadds/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Executes dropped EXE
Unpacked files
SH256 hash:
b80155dbd80f8bc5d3f59e08df47aefa42e73612aac6e8845fad3cae516cbdb0
MD5 hash:
0478256ba4237f2e33b77f8127d9a145
SHA1 hash:
560f2cd098bd81c18174d980652b28a8c90c48e2
Link:
https://www.unpac.me/results/25592cc7-c333-47e4-8b6b-b1dd6c103f00/
SH256 hash:
a20b652de071eb9f5632fbb3c5289f24c57d5e912e75056c4b5ed2b5e1fef71d
MD5 hash:
c4978e120310ab9a9de31e2117f4d47b
SHA1 hash:
b3582630e70d71753d08e73bab94cd84546b728f
Link:
https://www.unpac.me/results/25592cc7-c333-47e4-8b6b-b1dd6c103f00/
SH256 hash:
3a26fe0df546b0e7ca5851ebfdb11f511269dcb1edefb6b5807825baafd3ecaa
MD5 hash:
cc3967afc7dc432e5ca230b59310f4bf
SHA1 hash:
c9597e8f7ed1ee29225170a557f10459507cd87c
Link:
https://www.unpac.me/results/25592cc7-c333-47e4-8b6b-b1dd6c103f00/
SH256 hash:
19d9922060be89a70b76e5c0056e751f1baa5d41819235c92cf4f5d7668e1267
MD5 hash:
811864a0b06c529af894a7fec6ddbf47
SHA1 hash:
d35b82933eb06a6ec60e8cbbdb65eb6cdcaeb6d2
Link:
https://www.unpac.me/results/25592cc7-c333-47e4-8b6b-b1dd6c103f00/
Parent samples :
afa2f55e149097f9b250142bbfd94d9d56d10649c96adb079fdb0dfdac7c6660
69e2ae11e1b5cbe120bf02301191a1cf05e87fc09b09d63bd782abbf3615d05d
0b778873c94f6bc89a40294c0e85a38ab82509260cd2a2e8b73d00c5c90e8757
7ddfa6f44a60f4b894321f6977f8121cfb371c3c61ac872c58ba61fd5ee13deb
SH256 hash:
e7adb9ddc612bc2bbc52cc809b0a7b90c6f28f0b9df4fa767dccdab4d1d91c50
MD5 hash:
a8d603ac6b8619693fef95d4546bd0cc
SHA1 hash:
c6e6990439ca7e3f4afa8ceb314069d076a3c568
Link:
https://www.unpac.me/results/25592cc7-c333-47e4-8b6b-b1dd6c103f00/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/66135/

Comments