MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcb5bb27ba081b53d3ff4a4c1793ef411898dc4892194b60b275b81e22173e89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fcb5bb27ba081b53d3ff4a4c1793ef411898dc4892194b60b275b81e22173e89
SHA3-384 hash: d28ad307298323e6291936087b1366ec5fb369ff69a5cd30797b27cf2ce0e2b292fa6a0e4e26fee078b4cc06604cdf20
SHA1 hash: ca66da994c0775e507998aa24452aea0b66a8906
MD5 hash: 48bc6625c23191bf95ca08b30c704a6b
humanhash: dakota-ack-purple-twenty
File name:dot.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:323'584 bytes
First seen:2020-11-02 08:11:25 UTC
Last seen:2020-11-08 14:31:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'662 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:vAd5KjOGz6jb7yQaXkJS95ZVEBbdN5i05ZAA9BP4s6EZ1b:vAd5KqjjCQu7jEBh/7bP4s6E
Threatray 481 similar samples on MalwareBazaar
TLSH FF648EFC715578DEE52F8436DAA87CA803B235A387CB5944826BB1D10A9E793FF0144E
Reporter cocaman
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/81743/
Detection(s):
SecuriteInfo.com.Artemis.11294.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Using the Windows Management Instrumentation requests
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/517971
Signature
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fcb5bb27ba081b53d3ff4a4c1793ef411898dc4892194b60b275b81e22173e89/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-02 07:33:23 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7s23wj52banvhu77jjgbpe7piemjrxcisimuwyfsow4b4iqxh2eq._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
119d234e1f826adac6d68a614251fb9d1a20a4368102068ea030731372546f3c
AgentTesla
1cfd5099c6a8bf03aea60b09f4e7b829eadfcc1c0cc55f2c8bfbae01c03e56e2
AgentTesla
29afa981ce52f6dad0abae61dbb87c09fa3cf5b8a0aa6fafc0f59d3796a8dbb4
AgentTesla
4be1e912f4b6f65dd938f0a6fa1f1d9b8d4c20fc25ac3c3189e10013c29e4dea
AgentTesla
60152e8f49b376387ea78e05be97894b52c0dc862a9906248b12a441e840ee2d
AgentTesla
6a47bf03b1ffebac3ef5497af7d67aa562f3c401c3694d8551f7092f7f469313
AgentTesla
7e3e36dfb02909a470035b63d7db577f62431689e631fc7e1f21198745ce339d
AgentTesla
8bf29373cc2b67e3127fb655434ca8fb204d5189fe94163207a0300af787d060
AgentTesla
92488b6a7300d0e185bdf5abafe0994802aee0b007d8a5e728db045357be26ea
AgentTesla
d6d9a32fd696e4980d644f655563379ba7b04a2e3db03bbe6fbfb894fa68b152
AgentTesla
+ 471 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201102-cfws863ncn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Unpacked files
SH256 hash:
fcb5bb27ba081b53d3ff4a4c1793ef411898dc4892194b60b275b81e22173e89
MD5 hash:
48bc6625c23191bf95ca08b30c704a6b
SHA1 hash:
ca66da994c0775e507998aa24452aea0b66a8906
Link:
https://www.unpac.me/results/4e3ef619-9083-494c-b31c-7564f6686e2d/
SH256 hash:
cae0279356c4b842bce88b1905bd313894308bffe54f59eeb6ea9452cfb9fe1d
MD5 hash:
535d9e56aee58d946908578e0dded08b
SHA1 hash:
0df3561ba4398d95a126218135174dca876b2acf
Link:
https://www.unpac.me/results/4e3ef619-9083-494c-b31c-7564f6686e2d/
SH256 hash:
7e1a547a87dcd8ccc211413d2386b631bfd402f9a7baebdc699c894f824bc636
MD5 hash:
636ee4d3a43749deb26d69d1eb862305
SHA1 hash:
3db76d97ba864245abbb954264872670baa0fe37
Link:
https://www.unpac.me/results/4e3ef619-9083-494c-b31c-7564f6686e2d/
SH256 hash:
28707b0bb451abb526209ca2953c83eb441e139ab11fb2b771f30d64f0791cec
MD5 hash:
bfaf5b63c8dc36b4ccae8617578aa6a1
SHA1 hash:
a65a4ab09ee668ab02e5351f09e98c13ec00c7bc
Link:
https://www.unpac.me/results/4e3ef619-9083-494c-b31c-7564f6686e2d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fcb5bb27ba081b53d3ff4a4c1793ef411898dc4892194b60b275b81e22173e89

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9eb548f1f79d2c3a6bdc7919fab0684c023543d54db75855886761cfd6522c8d

AgentTesla

Executable exe fcb5bb27ba081b53d3ff4a4c1793ef411898dc4892194b60b275b81e22173e89

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 9eb548f1f79d2c3a6bdc7919fab0684c023543d54db75855886761cfd6522c8d
Cape
Cape
https://www.capesandbox.com/analysis/81743/

Comments