MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad
SHA3-384 hash: a4e57ffe70fa3d4a162820c6ea94050fda8cb834dc8ddfc1a536336dec1b7428d4209bc4390ef08dfd0cb0970ba80b36
SHA1 hash: f0f1e579c6740b18855adc02bc8c800667648d9c
MD5 hash: 67d11389f8d2c4dc8a0fd1cf62dec2aa
humanhash: burger-sad-timing-seventeen
File name:67d11389f8d2c4dc8a0fd1cf62dec2aa.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'090'040 bytes
First seen:2021-10-25 07:34:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcf1390e9ce472c7270447fc5c61a0c1 (864 x DCRat, 118 x NanoCore, 94 x njrat)
ssdeep 24576:rAOcZQhr2v2F6+JUtBAgi3X7d5vldplLzl7L3KIWGoo0UBX+R9p:tM2F6U13X7dll3xJPH0UI3
Threatray 1'073 similar samples on MalwareBazaar
TLSH T1D7351202B7D688B3E5732A32463476016D7D7E205F39EB5EB3D049AE9F312916124BB3
File icon (PE):PE icon
dhash icon 0ccaaaa4b4a40cac (5 x LummaStealer, 2 x AgentTesla, 1 x SnakeKeylogger)
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/199807/
Detection(s):
Win.Packed.njRAT-9373661-0
Create hunting rule

Win.Malware.Vasal-9406029-0
Create hunting rule

SecuriteInfo.com.Gen.Variant.Johnnie.221809.751.14920.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating a file
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
Adding an access-denied ACE
Launching a process
Creating a file in the %temp% directory
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/6176a319db358dd15ed93264/reports/2f6ec40c-b7e3-44c8-959e-2c5d110d563f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1ecc6013-59ac-4e7c-bf8c-237211a4cb97
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/876045
Signature
Drops PE files with a suspicious file extension
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad/
Threat name:
Win32.Trojan.Lisk
Create hunting rule
Status:
Malicious
First seen:
2021-10-24 20:49:01 UTC
AV detection:
20 of 44 (45.45%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
022a59ed972a0a93af024278929ae49d28e59382e620c283dd3b701f24a218d4
AgentTesla
1a670f0875ed669e317ea331c549fa93f13c9d077dabc86460f292053ec86d73
AgentTesla
336c8f08437e02813b6f5c4a9e61f6b22f93fb28b014532dfe48b5a1707f6cce
AgentTesla
6ec80b2dc86e97a886c52fb67aea4ce1ab195587d51236f00cd5c4bf93edb4eb
AgentTesla
ac63e6a70d5a7b867b798cd4a22db827d66c95f2506d1efdb49d2b6bf6d73aa8
AgentTesla
bb6424f6051455bd165527d6fd1fc1e6d48292562eb17ea80425018625126f3d
AgentTesla
c8a4462c6b8f5d8728d5374adc98def5a5c38dd97d70a1c3859c876bfbe3fbd0
AgentTesla
d2bab44593f0f81cd77f1cb289f8681f6f3fa334a1ce03c14e1c201012ca516d
AgentTesla
d5d407ae895a78d590246ab7fff43041c310601b443d4683a94365c9015bd0df
AgentTesla
e79ef9ac540330942b1185f71c77d95e6582ea77c4eedc0740a19afeebb59323
AgentTesla
+ 1'063 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/211025-jerjssggak/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
AgentTesla Payload
AgentTesla
Unpacked files
SH256 hash:
fd70d31e13e1df897b6c67df9f697c2960bc1c96a545e9dd41350931d5ae76ef
MD5 hash:
456a783b52f5536a951924eb3ff6e684
SHA1 hash:
6bd30114e817052a102dd5f82fca5b9b10f16ac7
Link:
https://www.unpac.me/results/d9ca05c6-0519-4075-a297-28ae9b39b282/
SH256 hash:
c650e3692ed08a385f64f423ff4f60ce7035dfb2097c55072b94bc18e0df1061
MD5 hash:
dd0fde0fdf6e06c0b017ef5b594acc41
SHA1 hash:
ae41505c7608b484ee469c665b6115a1f89abf19
Link:
https://www.unpac.me/results/d9ca05c6-0519-4075-a297-28ae9b39b282/
SH256 hash:
f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad
MD5 hash:
67d11389f8d2c4dc8a0fd1cf62dec2aa
SHA1 hash:
f0f1e579c6740b18855adc02bc8c800667648d9c
Link:
https://www.unpac.me/results/d9ca05c6-0519-4075-a297-28ae9b39b282/
Malware family:
Agent Tesla v3
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/f4b03241b05a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe f4b03241b05ab574499decb9f59ceabc87509849569c614df462a2fa92c6f4ad

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1685447/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/199807/

Comments