MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb0911990564af7079182bb5d5b798145056413d295927ac4c53cd1abc4512dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 11

SHA256 hash: fb0911990564af7079182bb5d5b798145056413d295927ac4c53cd1abc4512dc
SHA3-384 hash: a22e8a316c1e3ead90e0697b06c214c2e5c602c22ddac3bd988ca9c5c022ea0a8fa68aa5a7c193d8e109b20a4ff72193
SHA1 hash: d8f4cd9961ea6ba165efe45fab8a2990c4f3622d
MD5 hash: 662668843236c34128959e9b4275ac16
humanhash: shade-bakerloo-maine-zulu
File name: EA-005210-5219-20-21-25 NATSIONALNY.bat
Signature: AgentTesla
File size: 472 bytes
First seen: 2022-11-25 18:02:55 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/x-msdos-batch
ssdeep: 12:YtsLui269Ry4E2vjWOkTgfxDJS25b5B7qjz595Zq:YtsLuib9RywLWOkQjz50FDZq
Threatray: 20'116 similar samples on MalwareBazaar
TLSH: T104F0AB075BDC45F1871F6D02F4C7E1E62A961CF83EE0137C194D6EA01BD83059848AC6
Reporter: 0xToxin
Tags: AgentTesla bat

Intelligence

File Origin
# of uploads: 1
# of downloads: 107
Origin country: IL

Vendor Threat Intelligence

Malware family: agenttesla
ID: 1
File name: EA-005210-5219-20-21-25 NATSIONALNY.bat
Verdict: Malicious activity
Analysis date: 2022-11-25 18:05:37 UTC
Tags: trojan loader agenttesla

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: cmd cmd.exe packed powershell

Result
Verdict: MALICIOUS

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 76 / 100
Signature:
  Malicious sample detected (through community Yara rule)
  Multi AV Scanner detection for submitted file
  PowerShell case anomaly found
  Sigma detected: Powershell Download and Execute IEX
  Snort IDS alert for network traffic
Behaviour
Behavior Graph (ID: 754018; sample: EA-005210-5219-20-21-25 NAT...; start date: 25/11/2022; architecture: WINDOWS; score: 76):
  Sample: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Sigma detected: Powershell Download and Execute IEX
  -> cmd.exe (started): PowerShell case anomaly found
     -> cmd.exe (started): PowerShell case anomaly found
        -> powershell.exe (started): codesparrow.net 104.21.31.135, 49710, 80 (CLOUDFLARENETUS, United States)
           -> vbc.exe (started), vbc.exe (started), vbc.exe (started), 2 other processes
     -> conhost.exe (started)
Threat name: Win32.Trojan.Boxter
Status: Malicious
First seen: 2022-11-25 11:40:35 UTC
File Type: Text (Batch)
AV detection: 6 of 41 (14.63%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Uses the VBS compiler for execution
  Blocklisted process makes network request
  Downloads MZ/PE file
Malware Config
Dropper Extraction: http://codesparrow.net/ez.Ps1

Malware family: AgentTesla
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments