MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa
SHA3-384 hash: e30beabf72294a255b272f8c2d999a7b1716aa877a92d43288c0a648af53c44f5cd454596d07fdc0e1fd9f2ad033f5ee
SHA1 hash: cf162ce4171f2d8115f38c8f8004a0ec3b931417
MD5 hash: 42bdba10ab5d962cf9714f4980272d22
humanhash: stream-equal-april-eight
File name:42bdba10ab5d962cf9714f4980272d22
Download: download sample
Signature AgentTesla
Create hunting rule
File size:968'192 bytes
First seen:2023-12-22 07:59:12 UTC
Last seen:2023-12-22 09:16:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:w9v67eRzvnIh8FdEGHbylsIeue7XeMusWjDkpLRK1trpQc:dGbJyG7ylBFWszvwLRKKc
Threatray 4'353 similar samples on MalwareBazaar
TLSH T13825E53C58BE2A27C076D7E9C7E50563F260987B3A11EC2698D347994362B9379C321E
TrID 63.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
11.2% (.SCR) Windows screen saver (13097/50/3)
9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter zbetcheckin
Tags:32 AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
346
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
AgentTesla
Create hunting rule
Link:
https://www.capesandbox.com/analysis/468976/
Detection(s):
Porcupine.Malware.58887.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/65854207ffafd83ebc97bf96/reports/ef56aad9-8d20-4b45-8a9b-e93e6692d888/overview
Verdict:
Malicious
Labled as:
Ser.Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/7052c5be-a7da-49f2-8728-46ed818b3319
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1366069
Signature
.NET source code contains potential unpacker
.NET source code contains very large strings
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contains functionality to log keystrokes (.Net Source)
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-12-20 23:02:37 UTC
File Type:
PE (.Net Exe)
Extracted files:
54
AV detection:
20 of 23 (86.96%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6kaemj2jgppgflc5vjgzrizvlac2v2u25i5rue7pjfmdz5icusva._file
Verdict:
malicious
Label(s):
agenttesla_v4
Create hunting rule
agenttesla
Create hunting rule
Similar samples:
15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad
AgentTesla
48ef496367a300605f93d8d5f650a7a9a9e333c6acae2770efd78181bdd293aa
AgentTesla
4a699a693c63228aebd3e0bc98d92fe2d8bb7ae487992e81cfee767f0b9ed1bf
AgentTesla
5f18177e3983cc801653cb1da190145a1e83cc5b277ea0246107c15f165bb554
AgentTesla
89bc9fdb7d1d93a49c7cf3ccfff8ec5c174a44dd580e63e3cb47de448e9daefc
AgentTesla
c19e44f612b1b11dacfbed23b9de1b2af9035fe080438615d8f38f2ed079e93c
AgentTesla
cd71376c12e5a0c3fdd2ea32556623ef987eaa4330d88547996bb29c444cafa6
AgentTesla
+ 4'343 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/231222-jvzkcacgcj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SH256 hash:
d01f3dea3851602ba5a0586c60430d286adf6fcc7e17aab080601a66630606e5
MD5 hash:
579197d4f760148a9482d1ebde113259
SHA1 hash:
cf6924eb360c7e5a117323bebcb6ee02d2aec86d
Link:
https://www.unpac.me/results/80f1e2d7-d132-41dd-9e95-1cbd035d2e9c/
SH256 hash:
c5328f7af843244b56d6a208c322a9315daea139d1b255cda993b243e4394ecf
MD5 hash:
160f4669c06c6496d79a92ea9d33e89b
SHA1 hash:
baae226fdb2a9739f118db781bdc74f2efc6a585
Link:
https://www.unpac.me/results/80f1e2d7-d132-41dd-9e95-1cbd035d2e9c/
SH256 hash:
25b01b18b3087ad4bff160cf1c4e57159eba2fc86364eaaf303c88312dfa00d1
MD5 hash:
a4d3a2a7a7a67f335bbe0ea3d760bb7c
SHA1 hash:
8f5954fb483a8139681ac0519b2942513f0e50ee
Detections:
AgentTesla
Create hunting rule
win_agent_tesla_bytecodes_sep_2023
Create hunting rule
INDICATOR_EXE_Packed_GEN01
Create hunting rule
Link:
https://www.unpac.me/results/80f1e2d7-d132-41dd-9e95-1cbd035d2e9c/
Parent samples :
15166fb9da4ac059a9fb8f776a649e9391e99de7d2adb22cb46880254fca01ad
f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa
SH256 hash:
89a7ea862d2e1c2f17811c8b63a7b245a73a9ab25749ce4cd13c148adc8b6e2a
MD5 hash:
b157e0a969e9a8b705b0bccd39c29a26
SHA1 hash:
419e0ecb8a944769acda91583cfc40077f70119a
Link:
https://www.unpac.me/results/80f1e2d7-d132-41dd-9e95-1cbd035d2e9c/
SH256 hash:
f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa
MD5 hash:
42bdba10ab5d962cf9714f4980272d22
SHA1 hash:
cf162ce4171f2d8115f38c8f8004a0ec3b931417
Link:
https://www.unpac.me/results/80f1e2d7-d132-41dd-9e95-1cbd035d2e9c/
Malware family:
AgentTesla.v4
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f28046274933/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe f28046274933de62ac5daa4d98a3355805aaea9aea3b1a13ef49583cf502a4aa

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/468976/
  
URLhaus
https://urlhaus.abuse.ch/url/2743467/

Comments


Avatar
zbet commented on 2023-12-22 07:59:13 UTC

url : hxxp://degarmen.com/neuvo/nigown.exe