MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f84f0208e1ccce6876611ab8d7e4c92f4e02427e9a72283f5346f98bf6539160. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 16



SHA256 hash: f84f0208e1ccce6876611ab8d7e4c92f4e02427e9a72283f5346f98bf6539160
SHA3-384 hash: 57e36e0fcee0529c8a8a835eae78c179c2b2664ab9d8ed43bd8c6f8a64e61de8875b45d5556031b1205208a88ad2ce72
SHA1 hash: d1bd9ca07ae999eeace9540fe1d42eb9184b11e0
MD5 hash: 0f8b8d6d1fc4bad651dc01b3804680ac
humanhash: early-hydrogen-mobile-diet
File name: Quote_3309.exe
Signature AgentTesla
File size: 602'624 bytes
First seen: 2024-01-28 10:45:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'738 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:mT7i0C0eo8r/+UQXaOvlMqU+x2s7ijfj7fdkRriZlsk9wDVZgO:z01wxQXamxD7ufvfdVF9wg
TLSH T1F1D4020037795B63E53E93F51DA0601A07F2A92B2675E34D4CC671CB1AB7B824B60F9B
TrID 69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.0% (.EXE) Win64 Executable (generic) (10523/12/4)
6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Reporter e24111111111111
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 327
Origin country: GR
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Searching for the window
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Using the Windows Management Instrumentation requests
Reading critical registry keys
DNS request
Stealing user critical data
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: AgentTesla
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Yara detected AntiVM3
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2024-01-24 06:20:52 UTC
File Type: PE (.Net Exe)
Extracted files: 21
AV detection: 22 of 24 (91.67%)
Threat level: 5/5
Verdict: malicious
Label(s): agenttesla
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection keylogger spyware stealer trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SHA256 hash: 2df08e3fcc7d363c6c3d4836f420088903c2853f8a6243e2d035c40899aecf54
MD5 hash: fe9b94bc0027a4cb1c82a55191159292
SHA1 hash: f28fce2bbff4aef4fcafdbe538eb7d26f0b3f061
Detections: AgentTeslaXorStringsNet MSIL_SUSP_OBFUSC_XorStringsNet INDICATOR_EXE_Packed_GEN01
Parent samples :

SHA256 hash: 1d33d555b73c704ff4fe4034d52b78ea5adc015480134730ee5be35dda903dba
MD5 hash: d57ba8cdc26064b4bb6d9a54d192eeb9
SHA1 hash: 5667c386c978441a63c13a0bcad6a12b7532281c
Detections: INDICATOR_EXE_Packed_SmartAssembly
Parent samples :

SHA256 hash: 15a2f3f366d28f1d98eee743872cff42ef615250088fe86fbffd1907451a5a4c
MD5 hash: 2b91adc863dcd50fbcfc54775895dfa6
SHA1 hash: 052d7bcec7a3ce66a708d78230b8e7bfb1a60077

SHA256 hash: f84f0208e1ccce6876611ab8d7e4c92f4e02427e9a72283f5346f98bf6539160
MD5 hash: 0f8b8d6d1fc4bad651dc01b3804680ac
SHA1 hash: d1bd9ca07ae999eeace9540fe1d42eb9184b11e0

Malware family: AgentTesla.v4
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: AgentTeslaV4
Author: kevoreilly
Description: AgentTesla Payload

Rule name: AgentTesla_DIFF_Common_Strings_01
Author: schmidtsz
Description: Identify partial Agent Tesla strings

Rule name: INDICATOR_EXE_Packed_GEN01
Author: ditekSHen
Description: Detect packed .NET executables. Mostly AgentTeslaV4.

Rule name: MSIL_SUSP_OBFUSC_XorStringsNet
Author: dr4k0nia
Description: Detects XorStringsNET string encryption, and other obfuscators derived from it
Reference: https://github.com/dr4k0nia/yara-rules

Rule name: msil_susp_obf_xorstringsnet
Author: dr4k0nia
Description: Detects XorStringsNET string encryption, and other obfuscators derived from it

Rule name: NET
Author: malware-lu

Rule name: NETexecutableMicrosoft
Author: malware-lu

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

Rule name: Windows_Trojan_AgentTesla_a2d69e48
Author: Elastic Security

File information


The table below shows additional information about this malware sample such as delivery method and external references.
