MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f194cc1d2476f819084e0612933173c0a8302453d32f77331e39a5d96ef5e46f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f194cc1d2476f819084e0612933173c0a8302453d32f77331e39a5d96ef5e46f
SHA3-384 hash: e632309dc7df70653632773113dc74a414d1acfe01ea96736caac291c86b4ca98768213aafe3ae11b093a6949aafea1d
SHA1 hash: 90970fa1f2fcb18978f09369228a943da7825c16
MD5 hash: 4f9b05428942b2b250d3595f98ee50e0
humanhash: april-fifteen-grey-football
File name:SecuriteInfo.com.FileRepMalware.7895.30207
Download: download sample
Signature AgentTesla
Create hunting rule
File size:486'400 bytes
First seen:2022-11-22 20:30:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:zbdkCScfmNa99zkVPO6MOICkDRSnSkhoSVNjgcI5d:zTfmN5VPLMOODKSioEjgc
Threatray 639 similar samples on MalwareBazaar
TLSH T1E4A4F1619B561CECF4860DF9F8E5438E82F8FE05EDA7C2E238CDADC419760761AD4126
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter SecuriteInfoCom
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.FileRepMalware.7895.30207
Verdict:
No threats detected
Analysis date:
2022-11-22 20:31:13 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9f61ebb2-e5a8-47ed-907b-2c52083ebe32

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/337350/
Detection(s):
SecuriteInfo.com.FileRepMalware.7895.30207.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a service
Loading a system driver
Sending a custom TCP request
Launching a process
Using the Windows Management Instrumentation requests
Creating a file
Reading critical registry keys
Creating a window
Enabling autorun for a service
Stealing user critical data
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/637d3189559d07a06f46e154/reports/aaecce35-05ba-48e9-9f5a-21bdcd1a9e97/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7909605a-1eac-4ac4-876c-5bcd1d26a2c1
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1119206
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
.NET source code references suspicious native API functions
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample is not signed and drops a device driver
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f194cc1d2476f819084e0612933173c0a8302453d32f77331e39a5d96ef5e46f/
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-11-22 17:14:53 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
12 of 26 (46.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6gkmyhjeo34bsccoayjjgmltycudajct2mxxomy6hgs5s3xv4rxq._file
Verdict:
suspicious
Similar samples:
059c47f1fb93e65580c59415a40a376c8fc3168f13282f2f5efddd4c54ce0fac
AgentTesla
36b5580f0239d0e3ab71541b1bdbc26f6e3e397cb1978b91c9e358e52a03de79
AgentTesla
36db39aad52ff2ece38ada70f14ef45da78434311c1043bbb4beead602481d7e
AgentTesla
55cf18f4491e2db87c5612b2501dbbd3acd9c6460b1863ab56f5d9209cbecbdc
AgentTesla
c4a2d1a93c9da2d51ae8d0ef88b1dbf6fecd931714d9a09221c4f928f6861ce3
AgentTesla
d1ca3f8fb1acd28ee6ce1227880e74fca8aa908ca373931a5180f3cb76bb8fe1
AgentTesla
d442cd3002178041faa5d9d233820b84031a3432f5384ce9e8ec8990a2e15b70
AgentTesla
def9b4590e2daf9efa8ce75908a776997c3e434dda942b58c8ece1994a4ec8e2
AgentTesla
f0c54f3f1717c1039dacdf7c4b63200d6f027e5a622c6eb65636d2089aa4b1c0
AgentTesla
+ 629 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/221122-zapseagb36/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Sets service image path in registry
AgentTesla
Unpacked files
SH256 hash:
f194cc1d2476f819084e0612933173c0a8302453d32f77331e39a5d96ef5e46f
MD5 hash:
4f9b05428942b2b250d3595f98ee50e0
SHA1 hash:
90970fa1f2fcb18978f09369228a943da7825c16
Link:
https://www.unpac.me/results/b187320e-ad1c-4053-8193-b514ee4da0fc/
Malware family:
AgentTesla.v3
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f194cc1d2476/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/f194cc1d2476f819084e0612933173c0a8302453d32f77331e39a5d96ef5e46f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/337350/

Comments