MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee8cb2212b511830647dcb59d321714d9b2a18ffa2c983b8f17e6cd049adf0fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee8cb2212b511830647dcb59d321714d9b2a18ffa2c983b8f17e6cd049adf0fe
SHA3-384 hash: 09d80dfdbd1c2b010faa96455435da1110f62baf2f62f20cf7c7b452a0a996bd22260790cb9b3289db5581f7a48c59b4
SHA1 hash: e3eda2ab0de49c47aa54b9ca2df356ced6001b68
MD5 hash: 211ea7546d0136d9a81411f33f65618a
humanhash: oklahoma-finch-apart-tango
File name:211ea7546d0136d9a81411f33f65618a
Download: download sample
Signature AgentTesla
Create hunting rule
File size:957'952 bytes
First seen:2021-07-20 09:21:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:KvDBlBPIOBP/GCG1qcwW3XuoA3V/pqh/TDgkEru9:ypPDP/GDtbXvA3qNTDX9
Threatray 7'072 similar samples on MalwareBazaar
TLSH T1C615E1363217A104DC3887F91C28D1B16BBEAC2A563DC7782EC8EDBF3D726685AD1541
Reporter zbetcheckin
Tags:32 AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
211ea7546d0136d9a81411f33f65618a
Verdict:
Malicious activity
Analysis date:
2021-07-20 09:24:39 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cf3db60a-f6a0-4a9e-9fbd-5ff8857234c7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/172750/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.935-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/db0b1492-8b3d-4d6b-9914-eed49bd7e3fa
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/818785
Signature
.NET source code contains very large array initializations
Found malware configuration
Injects a PE file into a foreign processes
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/ee8cb2212b511830647dcb59d321714d9b2a18ffa2c983b8f17e6cd049adf0fe/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-19 19:37:33 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=52gleijlkemdazd5znm5gilrjwnsugh7uleyhohrpzwnasnn6d7a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0c35aa6b6d20fcf5548bf0c482b8201629b078fbf8a01ce58eb3d15f233a5d5c
AgentTesla
3f4689ec7f18f1c30786b9953ed1fccb79f806a233aeb730fff83b432adf87bf
AgentTesla
46f0e45dbbf592ca7ed929b193254ece1cc22c3719888b8aafc32685dcd64f5e
AgentTesla
7869ecfcf6a7380c9b011d0a7bdb334f0f4d16cba20e3c5533db88c558ff9220
AgentTesla
78a4a4daa01d5c5456db2c27fdd985885775bd94be0c179ad739fc462630f70b
AgentTesla
908bdd0a542953cae5067c4b83a16cb8eade4890a70951f974703d8e3a67b7dc
AgentTesla
912b144b5fef68669aa8737bb6c810bd007a3b10e5c5b7310ac35101e8fb3c4c
AgentTesla
e8f40ad1b59a06f7e29b6626a46fd7d0023c3d82ba75dff99bd8e9a5d8ee054a
AgentTesla
f447a943893a7871b02a8a6cc992c31604b3bd6ff6f2ec184a3af14f3384954d
AgentTesla
+ 7'062 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210720-lzv9kz2ccx/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
c7b4c0f7bbbbf9ea7e0ac6514106d666d9d7457399e6ccaa51cfddeae1a64a17
MD5 hash:
02a996b81fccc63aee5c54e1d29b1306
SHA1 hash:
ba1f8bd5709bc2bba5b7e353162e82eb53200c23
Link:
https://www.unpac.me/results/10ece652-c3a9-47c8-9ad4-d6170bc2b806/
SH256 hash:
249b94eba522a36982226c36644b367b30af7fe4c5eade4586500247bf87d97d
MD5 hash:
539fd857236554e7d76da2c5f162e77b
SHA1 hash:
8d3eb57abfe71ae01d3d0e78cf8c9085a1884f69
Link:
https://www.unpac.me/results/10ece652-c3a9-47c8-9ad4-d6170bc2b806/
SH256 hash:
6a1d4b1eb5d38327e41f0dcc7b60e63c70dfeb4ede30647b3bdd4d11c71e291a
MD5 hash:
3ef420190a2266fa173593c3f52167c7
SHA1 hash:
8299854b8393f857832c459988d486d74a11bcd2
Link:
https://www.unpac.me/results/10ece652-c3a9-47c8-9ad4-d6170bc2b806/
SH256 hash:
83d9e44d9a311ea6fdbcbd09fdc816a2067806dcacf24beb5ee786191b1a3ea1
MD5 hash:
b1a7b752b6638ee03cffe5a1dde9213e
SHA1 hash:
52d215a173d2f293990f8c12fc7f4a86330a29cb
Link:
https://www.unpac.me/results/10ece652-c3a9-47c8-9ad4-d6170bc2b806/
SH256 hash:
ee8cb2212b511830647dcb59d321714d9b2a18ffa2c983b8f17e6cd049adf0fe
MD5 hash:
211ea7546d0136d9a81411f33f65618a
SHA1 hash:
e3eda2ab0de49c47aa54b9ca2df356ced6001b68
Link:
https://www.unpac.me/results/10ece652-c3a9-47c8-9ad4-d6170bc2b806/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ee8cb2212b511830647dcb59d321714d9b2a18ffa2c983b8f17e6cd049adf0fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe ee8cb2212b511830647dcb59d321714d9b2a18ffa2c983b8f17e6cd049adf0fe

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1468137/
Cape
Cape
https://www.capesandbox.com/analysis/172750/

Comments


Avatar
zbet commented on 2021-07-20 09:21:12 UTC

url : hxxp://maritradeshipplng.com/best/ob.exe