MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb8a8558b2115aacfaab53118437288023af9947a6cc2abb9a840e6e129d6a7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb8a8558b2115aacfaab53118437288023af9947a6cc2abb9a840e6e129d6a7a
SHA3-384 hash: cb50b4a3eb853ac54d364024a925fd4f7fc627cf038a90ea0c5560827935d1f8570dc6161372de51e553a20c8d1f4215
SHA1 hash: fc091e74bfcc0e6560476984f9452a546d7048c7
MD5 hash: 51885dc8cafc64b896d99c566d1c0b0f
humanhash: utah-arizona-oven-triple
File name:PPO040963RG02.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:539'136 bytes
First seen:2020-11-04 14:24:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:NsENwnRB0BSP8/4cdUmw8Sy+6dOI8xNtmvVuzjEAmD:SnRBsS84cyH8B+EamvVWj
Threatray 120 similar samples on MalwareBazaar
TLSH 1BB48EF875195CD1F52F0677E9A9BD9402B33E57CACB584C426CBA9316B3362BD0280E
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/82926/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.58529.32209.11219.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/520258
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/eb8a8558b2115aacfaab53118437288023af9947a6cc2abb9a840e6e129d6a7a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-04 05:26:22 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
11b16ba733f2f4f10ac58021eecaf5668551a73e2a1acfae99745c50bfccbb44
AgentTesla
227d27fd9d93676327684653aa83d4edb058bfd0e49d270c00a1c7fa134b5648
AgentTesla
228264e8f57dc120e866db9789ed5cf7456a486024dcd6d83a60c0b02cc11158
AgentTesla
22f7b5e739f3dfdec1c3c53f3909c744aebf274d6403a614124c5fb8f886d8c5
AgentTesla
25bfba7555f3b542adc0b1384711da8e2e44b5fa8141866eae52a3e81efb6954
AgentTesla
4988575523d9a0fe1fc226f972e930cf597cf8c001b306d07d7cc5750a45e38b
AgentTesla
9ac4ff140a5b0cfe898c7f1eee2bc53cef1f4db03b7fc5c5f502d3a87f7c9393
AgentTesla
a7df178348dd3563a0a0a44ec82af4b6bc15bf352337ef690fac078cfee6ec49
AgentTesla
d40978f6bcf9982f5d3147ce9717eb72435068525b91cad816cafd7cb4711bbf
AgentTesla
e630c1d94550061dccd1da06e50b378915870ce4630d646696e9b62fc1e9a8ff
AgentTesla
+ 110 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201104-la5j99gx2s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
eb8a8558b2115aacfaab53118437288023af9947a6cc2abb9a840e6e129d6a7a
MD5 hash:
51885dc8cafc64b896d99c566d1c0b0f
SHA1 hash:
fc091e74bfcc0e6560476984f9452a546d7048c7
Link:
https://www.unpac.me/results/e8319793-142c-4488-b488-4cf9e842e76e/
SH256 hash:
16306487d1b884472ab301095e603f4d3b40b330da374b780665c35b91b9c4de
MD5 hash:
b38bb0884a062bf3214cd3580028797e
SHA1 hash:
0098bc9318db13f210a14c8993441930afc0fdf8
Detections:
win_agent_tesla_w1
Create hunting rule
Link:
https://www.unpac.me/results/e8319793-142c-4488-b488-4cf9e842e76e/
Parent samples :
74561e938b5a4d9966fa56ba62082b6bcc9deecbe62984d1ebfc7db34eaf9f17
eb8a8558b2115aacfaab53118437288023af9947a6cc2abb9a840e6e129d6a7a
SH256 hash:
c9b23130021253db563845625190c28da6a192d29162570ba886903d61c69053
MD5 hash:
1d3bdb8f542a87b15b03e98f35cc90b6
SHA1 hash:
7593dcd92769022125214964cb95c2d90424211c
Link:
https://www.unpac.me/results/e8319793-142c-4488-b488-4cf9e842e76e/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/82926/

Comments