MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f41724b34636a2b2dc0e76328e88be75b5240c7221024f49033fa6fb2648cf16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7


SHA256 hash: f41724b34636a2b2dc0e76328e88be75b5240c7221024f49033fa6fb2648cf16
SHA3-384 hash: 686a1021b3d129ee69492b78c904439da068c070ca6fb72578b865644851c65457189fbb42107633b948545c10ebfe3e
SHA1 hash: 1ae9c4f5c4927931349e194fb32da2929f116ab8
MD5 hash: b9f61fd528f5d0a09ff0ef372d5b4d75
humanhash: berlin-hawaii-skylark-summer
File name: INV..6588965..PDF.exe
Signature: AgentTesla
File size: 545'792 bytes
First seen: 2020-11-06 15:10:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'649 x AgentTesla, 19'461 x Formbook, 12'202 x SnakeKeylogger)
ssdeep: 12288:T3RyhgqwmfZaDLhWGdAjRf7nmVIdMz7xMJWjfbqUirEii:TcCmfZaDVhel7nmVIAjf+9Eii
Threatray: 1'002 similar samples on MalwareBazaar
TLSH: F0C4026EA34C6F15DABF23BC85B0904117F0E196E727DB033ED850E91AD2B918724B97
Reporter: cocaman
Tags: AgentTesla, exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Launching a process
Creating a process with a hidden window
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-06 13:17:28 UTC
File Type: PE (.Net Exe)
Extracted files: 4
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SHA256 hash: f68ca0b78b664078fba64806c493c44f40fe05c5b8355fd865d8196fd67f22c1
MD5 hash: 8c99c624f9c068fd3c0bd3eccbb0f120
SHA1 hash: 225f62bf5f94b48fa397ada017cb3e7148dec053

SHA256 hash: 84116e6f1d305bb34a326b6a2f91ae1d9faf1201ffb1770c55a606a4761a6d61
MD5 hash: a3c3318649ee0b84303a4a2f7b8188f7
SHA1 hash: 82e1802cffe4bd94b02b490bcb4e1e840c7ba6b8

SHA256 hash: 14b9779264ce5aa726b3f03608ca92ead1603a48dd53f82e5a38ee6c24fb1f22
MD5 hash: 3e2fc63cf82c680d4be8659240ed4329
SHA1 hash: bfbcaf3a5daa5e4ae6c1420b946832d59843253f

SHA256 hash: bac5797bde4b2810766a40d95bcdb825ac5b395fcbadd139daa19a44a6cdc049
MD5 hash: a92cc1f6e0a2742350dfda6726db14c0
SHA1 hash: e5404e3ed46498deb8ad8966a774540c2b8e9c1e

SHA256 hash: f41724b34636a2b2dc0e76328e88be75b5240c7221024f49033fa6fb2648cf16
MD5 hash: b9f61fd528f5d0a09ff0ef372d5b4d75
SHA1 hash: 1ae9c4f5c4927931349e194fb32da2929f116ab8
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE

Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekSHen
Description: AgentTeslaV3 infostealer payload

Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe f41724b34636a2b2dc0e76328e88be75b5240c7221024f49033fa6fb2648cf16 (this sample)

Delivery method: Other

Comments