MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb8be54633a272604b64a7b5a79b6d123b30d1763d2235e9d81a960b858328e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb8be54633a272604b64a7b5a79b6d123b30d1763d2235e9d81a960b858328e4
SHA3-384 hash: 4f6685be6b3eadcf8855a28d357b3d3c78e76c8d84d0cbf2d46b64409d02f779c62611816ea589f0554e2a8ad2de9b8e
SHA1 hash: dedf9fc5fdadc5206b9e62f5db98c27caa1114c6
MD5 hash: cbb05276c2da12af44039e256c755219
humanhash: friend-low-kansas-muppet
File name:SecuriteInfo.com.BackDoor.SpyBotNET.25.12475.29991
Download: download sample
Signature AgentTesla
Create hunting rule
File size:220'160 bytes
First seen:2020-09-29 00:38:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 6144:QxyyH1nUrox/1dpxawJFNa/GbccA3iMq1w1zW8jcDW:b2wE/1dpxlpLccjQ
Threatray 206 similar samples on MalwareBazaar
TLSH 90241856178C9D21CF7E0178C057821837F19633876A92CF6AA2D8FE1B872C9FD1A9D1
Reporter SecuriteInfoCom
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/66577/
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.25.12475.29991.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/476988
Signature
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb8be54633a272604b64a7b5a79b6d123b30d1763d2235e9d81a960b858328e4/
Threat name:
ByteCode-MSIL.Infostealer.DarkStealer
Create hunting rule
Status:
Malicious
First seen:
2020-09-24 03:19:06 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
10afc2fcb1ac4d85ac3076f260e008dccee9f1715fd56d1fa6180d504655275d
AgentTesla
254e6d691fc7292fba06fc4f127d509743961835b12079ccc5a96f53ffee1648
AgentTesla
68c67f845d8c48aa74901553deb7cc31b7f2a27954d75e4f67093c70f81eb9d6
AgentTesla
b3332f865f362bd89aaa305a8b8ec5d3e5b6ddae9e704b70a2d36723550415b0
AgentTesla
b646b8f4e9a67cab72124eaa7db809117f7d887e27e2eaafffacdc2703668cda
AgentTesla
b90e648ea2d913c493765798db8d443a355bcba18f973c5957e5f959ad794a60
AgentTesla
be2763ce4e6c5c6a228efc795006966af947a33bb7992121d9f139f161f7ab15
AgentTesla
c95b9b5cf40c96d46c8a6443c458575ccb0cff8e0f750a3e9506c62a155bcfb0
AgentTesla
d5d44e7e31d0ae752539ce070a13f61d68bef86bb29b2f1650b2dfb42e999729
AgentTesla
fb9170b75704e2202310a4ea95652f93cfcc6d4c4700055156ebb8e5532c4a9b
AgentTesla
+ 196 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
spyware keylogger trojan stealer family:agenttesla
Link:
https://tria.ge/reports/200929-yqga93vjg2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SH256 hash:
fb8be54633a272604b64a7b5a79b6d123b30d1763d2235e9d81a960b858328e4
MD5 hash:
cbb05276c2da12af44039e256c755219
SHA1 hash:
dedf9fc5fdadc5206b9e62f5db98c27caa1114c6
Link:
https://www.unpac.me/results/6aef1706-fe58-4309-a177-0341d21a7d40/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Backdoor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fb8be54633a272604b64a7b5a79b6d123b30d1763d2235e9d81a960b858328e4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/66577/

Comments