MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5440294a7763a08b3d8c32e23912b01a20dfa3f154c7cb0a2a1fa28f94b9dfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5440294a7763a08b3d8c32e23912b01a20dfa3f154c7cb0a2a1fa28f94b9dfd
SHA3-384 hash: 584847ffbff5a1609fc04646b920eeed37d38db3dd2dc62b769099f7e0ab2836b4ba1d41734f413601ad2075cbc0817b
SHA1 hash: 1bc53a22ebbce9fdfbf6151b35dc543a90fa528f
MD5 hash: cec191c823d67510866cd6bf3d669e55
humanhash: shade-california-zulu-alaska
File name:PO_2567382fax.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:372'736 bytes
First seen:2020-11-02 14:49:31 UTC
Last seen:2020-11-08 14:12:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'664 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:O6adYjuasZChrcnUxYXO4lqtMw1/Bqul3fTtQaCeMw0ZEAmg+:O6aYuaG6SXO4Ut5Jo0TtQaCeMw0ZEAmD
Threatray 1'322 similar samples on MalwareBazaar
TLSH 76848DF4711479DEE42F8632CAA87C6402B23D9B8BCB5409516B7A9716BF353EE0184F
Reporter cocaman
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/81829/
Detection(s):
SecuriteInfo.com.ArtemisCEC191C823D6.1498.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/518246
Signature
Found malware configuration
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal ftp login credentials
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f5440294a7763a08b3d8c32e23912b01a20dfa3f154c7cb0a2a1fa28f94b9dfd/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-02 13:12:14 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6vcafffhoy5arm6yymxchejlagra36r7cvghzmfcuh5cr6kltx6q._file
Verdict:
malicious
Similar samples:
119d234e1f826adac6d68a614251fb9d1a20a4368102068ea030731372546f3c
AgentTesla
237543ba5636a40b54e32ba6c9a4c859139acadf9b5d94e2f15d99251e71a415
AgentTesla
30fdd56ea8646781decef9395d191a98f9b0319bff33713a6486137274efc270
AgentTesla
35d8fbdb864d9104dd1a9f05fe522b27bb6d278ea993a7863b298b66df06636b
AgentTesla
4106d7796887912eef46c78f6f62593d12152ae114e6e67c004afcaddb4296f5
AgentTesla
546274026ba4ffdc8c226e6fbbb52e9afd9a3b79544bc08aeb372f505b7e98f9
AgentTesla
56156c5b658580571c626897cd0e5c5ec46583f6907ead2ef5d73ee76324f18e
AgentTesla
69fd68e42bf6c97d7d97134c248ced79cd81fe6b58873b3d31558bf4d875a097
AgentTesla
83007f21c5c176001903f5ef3bf480615257fb09fd5f1981fabdcc7b618495be
AgentTesla
9be9720b02fb636479bbf10a2c3e020c7505ceb058821a644d641d8dd6667785
AgentTesla
+ 1'312 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201102-clya6rm7hj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SH256 hash:
825607b86bd9e60d002829cbd2af90d0ff4aba7fe1b97ba3f59e1594f12f47dd
MD5 hash:
8407c25e50b18fca57c7450b2523b7d1
SHA1 hash:
1876265744105a57d68c5a8a49318886622ef811
Link:
https://www.unpac.me/results/333a3f62-e58f-4dbd-8d72-4be9300ec816/
SH256 hash:
23b39719f3c8f482b5821ff5d812add13ce92c1ba36e25fa49dd92c9558329a6
MD5 hash:
19a7dcdbdc66f24826e3d7c5199ec00f
SHA1 hash:
5566ee4d707c8b11857a5c8c27c8b48f4b4d878b
Link:
https://www.unpac.me/results/333a3f62-e58f-4dbd-8d72-4be9300ec816/
SH256 hash:
59cd8afacac20944db84cddc865a71a7b03899151629c2e5731dd55c38265838
MD5 hash:
5de43eeb1f13570f7c2879d226f2ab2d
SHA1 hash:
8f651680da1873fea8b8a558d65e1ddf5a481469
Link:
https://www.unpac.me/results/333a3f62-e58f-4dbd-8d72-4be9300ec816/
SH256 hash:
f5440294a7763a08b3d8c32e23912b01a20dfa3f154c7cb0a2a1fa28f94b9dfd
MD5 hash:
cec191c823d67510866cd6bf3d669e55
SHA1 hash:
1bc53a22ebbce9fdfbf6151b35dc543a90fa528f
Link:
https://www.unpac.me/results/333a3f62-e58f-4dbd-8d72-4be9300ec816/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f5440294a7763a08b3d8c32e23912b01a20dfa3f154c7cb0a2a1fa28f94b9dfd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar af07d43a7a8466073692ad7d9d95a0c9c11cae31e68272d5d9dbc4e8c980bc55

AgentTesla

Executable exe f5440294a7763a08b3d8c32e23912b01a20dfa3f154c7cb0a2a1fa28f94b9dfd

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 af07d43a7a8466073692ad7d9d95a0c9c11cae31e68272d5d9dbc4e8c980bc55
Cape
Cape
https://www.capesandbox.com/analysis/81829/

Comments