MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1e27e0dbf418da288b43f2dd8bd89f494558fa4ffa12ad1ba8e8cabe9f47c7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f1e27e0dbf418da288b43f2dd8bd89f494558fa4ffa12ad1ba8e8cabe9f47c7d
SHA3-384 hash: 71a4d26a6b553847098d742ed87c0d3c6f7a4f55567d1c6f8d3ff83093bd1a2528d48333ab7b38e8797c0d597f34e39b
SHA1 hash: 00fb6958801365f21cd2f21669adf1c90f64a221
MD5 hash: ac0e6d08a5c501932ae5eea36000e7d1
humanhash: pluto-early-freddie-avocado
File name:ac0e6d08a5c501932ae5eea36000e7d1.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:570'368 bytes
First seen:2021-04-22 16:44:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:YuBiJQHW+DVzRRRRRK/xF6ZGd9eJ6bNzz6oP1pu4jW+Ph8bPqs3xTn7h6vR5:KAW+tRRRRRK/7j94E7kPqExV6vr
TLSH 89C4012D63A81D66C9BD4BB985E1621743B0F2125217E75F0BE065FD7E333E08A16363
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
259
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
689737F67A2401CDF0348F5484020E605DD9BF40
Verdict:
Malicious activity
Analysis date:
2021-04-22 13:16:32 UTC
Tags:
encrypted opendir exploit CVE-2017-11882 loader
Link:
https://app.any.run/tasks/e8e321c3-cbf8-41fc-9763-43003866317f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.677-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/693456
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 395659 Sample: TKk4HiJU7L.exe Startdate: 22/04/2021 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 6 TKk4HiJU7L.exe 2 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f1e27e0dbf418da288b43f2dd8bd89f494558fa4ffa12ad1ba8e8cabe9f47c7d/
Threat name:
ByteCode-MSIL.Trojan.Phonzy
Create hunting rule
Status:
Malicious
First seen:
2021-04-22 16:08:13 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6hrh4dn7igg2fcfuh4w5rpmj6skfld5e76qsvun2r2gkx2pupr6q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210422-dsmgsfbvjs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
e33b0d0b4b86f0dbb3d1278e68e88a650e5f3350694efb70be313761197b1969
MD5 hash:
471161f6f24e5d26b2db3e0ee18e80b5
SHA1 hash:
ed98f1178a5fe4b86fe0f7e4cd5ebbfba7483a30
Link:
https://www.unpac.me/results/44bb753f-4f84-4141-b130-aeb519599649/
SH256 hash:
f1e27e0dbf418da288b43f2dd8bd89f494558fa4ffa12ad1ba8e8cabe9f47c7d
MD5 hash:
ac0e6d08a5c501932ae5eea36000e7d1
SHA1 hash:
00fb6958801365f21cd2f21669adf1c90f64a221
Link:
https://www.unpac.me/results/44bb753f-4f84-4141-b130-aeb519599649/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/f1e27e0dbf418da288b43f2dd8bd89f494558fa4ffa12ad1ba8e8cabe9f47c7d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe f1e27e0dbf418da288b43f2dd8bd89f494558fa4ffa12ad1ba8e8cabe9f47c7d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1153350/
  
Delivery method
Distributed via web download

Comments