MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f132a49b6940edaa008fdf3b73fb80ffec67e83ff8ffd8eec657386fda9c48a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f132a49b6940edaa008fdf3b73fb80ffec67e83ff8ffd8eec657386fda9c48a5
SHA3-384 hash: c41ec6561ccfd7a197cb84149b91d7b044c4ee95289a44b839726fd3cda258afa6e527f119e95ccf1c6136498a02b971
SHA1 hash: 4bc7c04efb2b20a33ff20c1aae7a7d30def54dea
MD5 hash: e232daf01c9f30b923f857531983961d
humanhash: montana-nineteen-july-july
File name:Salary Oct.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:289'792 bytes
First seen:2020-10-30 12:15:20 UTC
Last seen:2020-10-30 14:08:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:yj2PL9IS65ltGerXLwZMb8agYUV6T3hDOCaqd/HtT534pJpJ4M5boI1U0Eh4guOT:yyeXDTg3mhRd/NepJpJ4M5boI1U0Eh4i
Threatray 34 similar samples on MalwareBazaar
TLSH 18541214CF1E6243ED9E5EFEF53616C6E23C132D2243F35B156D30961A24DC82692BEA
Reporter FORMALITYDE
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/81220/
Detection(s):
SecuriteInfo.com.Backdoor.MSIL.GenKryptik.d8373926.26609.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Using the Windows Management Instrumentation requests
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/516928
Signature
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f132a49b6940edaa008fdf3b73fb80ffec67e83ff8ffd8eec657386fda9c48a5/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-10-30 10:27:33 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6ezkjg3jidw2uaep345xh64a77wgp2b77d75r3wgk44g7wu4jcsq._file
Verdict:
suspicious
Similar samples:
1976401042595cb4dcafcd63e68461eab1af172f9442252b605bf4f0a49531f4
AgentTesla
2e4775c5d181f37f4a0802a9982601352f0a7de1ffd74909024150572ed6522b
AgentTesla
36e711a66774ed0b6457f8d442315a4d1b5d06781a8ab1254abda5ba824bb816
AgentTesla
5b832740ae1f2a5c2c10e37aadd6d0b74d647a9ff853f091a2262ef0ae2c672c
AgentTesla
6c7db3cbcde67820238124f2e18f872ead9184460bcfb2ab23c292f5ade625e2
AgentTesla
b4267cab9e3e8255b44e1947b4c6bb40901d9f0654c2d0ab40690851fcacf16c
AgentTesla
d6e2c72145fa1473a21537eb00dfd5f038d441c4852ba54a70234e29cc189e49
AgentTesla
d8f37e199f10881b2045823553fd64f3f52ec616e24f2235a47dae7c435a3c72
AgentTesla
e9f6a306988f2ef722e09399f0473f0d8623b23da0de1bb32e58e91d21a356e3
AgentTesla
ed184e1c76f982d9537a281ac7cc805179e72d9ca538e7ff202e7be38bfee6ae
AgentTesla
+ 24 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201030-5g3qc7gbsx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe f132a49b6940edaa008fdf3b73fb80ffec67e83ff8ffd8eec657386fda9c48a5

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/81220/

Comments