MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb83c6ac32031751435ebac7231348bafae1abe603dbeb9dcc7f88a8cda49655. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA 3 File information Comments

SHA256 hash:	fb83c6ac32031751435ebac7231348bafae1abe603dbeb9dcc7f88a8cda49655
SHA3-384 hash:	4196d827e117031c634b08d51b1181c39b14517c13d1b62cd28610f043d0896931d7b2acf76e2815aa49d5a0e2606d65
SHA1 hash:	62cec1e292cc2658bc4f6776b04e79d87ca82cd3
MD5 hash:	3cd86d3079271389e6d6fbbb3e024038
humanhash:	ink-ohio-wisconsin-echo
File name:	3cd86d3079271389e6d6fbbb3e024038
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'648'816 bytes
First seen:	2020-11-17 12:23:05 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep	12288:LK7aX94PGp8vrw3MFwtErSNhnSJRIy1sVnkuwiSXH8wSbSu09ikeHlcTN8x0Tq6l:LK7WYIyAh8THt
Threatray	1'306 similar samples on MalwareBazaar
TLSH	3C755969F03D285D6ED926E6ED1062ED01DBFD34BCA2910FBC5942C24C80A959EF0DF9
Reporter	seifreed
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Unauthorized injection to a recently created process

Adding an access-denied ACE

Creating a window

Using the Windows Management Instrumentation requests

Creating a file in the %AppData% subdirectories

Enabling the 'hidden' option for recently created files

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fb83c6ac32031751435ebac7231348bafae1abe603dbeb9dcc7f88a8cda49655/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-11-11 05:57:02 UTC

AV detection:

20 of 28 (71.43%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7ob4nlbsamlvcq26xldsge2ixl5odk7gapn6xhomp6ekrtneszkq._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

10791cad73c6725fb874bbce635798638b7b53a6c6653c5ce76c02798fa01ab5

AgentTesla

24098778dca36a5ff9aa4ce38ab0bd9cdecfd3a8dc3f563e694111003d6f7827

AgentTesla

44cfa0be06349620b796b631d727ef0997c05097ec3cc72e0f83aed765b6c630

AgentTesla

69802a718d5caaf3e8c9e319eb703dcfa34971d9f79f9b8135b722a0cf12c74b

AgentTesla

7c1cc691d4f45e93604996ead834345964e3ccc2e20c0df32376cf70c81fa802

AgentTesla

94493ff262c556d80e0cbfd7bb7741003335e4a10f80111b2756499c6cd058f9

AgentTesla

cbc1b2bb407f02710060a11cdd74386337b92597af3d8de8c1d90c33672868ec

AgentTesla

e064cd70ae6467ad9c0342b4750cae4fb688c56b0d904ea4091aa074e174dcf0

AgentTesla

fb1c77156c32d3643f2b21550110a48c3bbf869d2f0aa099b7400646e1fcaeb5

AgentTesla

+ 1'296 additional samples on MalwareBazaar

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger persistence spyware stealer trojan

Link:

https://tria.ge/reports/201117-jvn9ksdz2e/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Adds Run key to start application

Looks up external IP address via web service

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla

Unpacked files

SH256 hash:

fb83c6ac32031751435ebac7231348bafae1abe603dbeb9dcc7f88a8cda49655

MD5 hash:

3cd86d3079271389e6d6fbbb3e024038

SHA1 hash:

62cec1e292cc2658bc4f6776b04e79d87ca82cd3

Link:

https://www.unpac.me/results/adf5e823-5d44-4e67-b292-e4639eed9382/

SH256 hash:

7d76f5a51f9b1392799d8238d15b59dadf176ec9929679bdfcf29cd8246f8000

MD5 hash:

485e148c6ed93216f3d05ac782dac82f

SHA1 hash:

8f3c9e688b9207174f4c32bf99911e4e728d5408

Link:

https://www.unpac.me/results/adf5e823-5d44-4e67-b292-e4639eed9382/

SH256 hash:

a277992c8c65c9138a765c533575913b9938c86e60120a1d60704156e9759e77

MD5 hash:

202ad73cba45df855757d0adb7ba783e

SHA1 hash:

e57c842cd835f0e5304f1bc324d46030d75af51a

Link:

https://www.unpac.me/results/adf5e823-5d44-4e67-b292-e4639eed9382/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	ach_AgentTesla_20200929 Create hunting rule
Author:	abuse.ch
Description:	Detects AgentTesla PE

Rule name:	MALWARE_Win_AgentTeslaV3 Create hunting rule
Author:	ditekshen
Description:	AgentTeslaV3 infostealer payload

Rule name:	win_agent_tesla_v1 Create hunting rule
Author:	Johannes Bader @viql
Description:	detects Agent Tesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample