MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fffe3f46408bc216dfa3fbb9f927b1d6ce8c1ba48b0a7bf2d419d9893260f732. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fffe3f46408bc216dfa3fbb9f927b1d6ce8c1ba48b0a7bf2d419d9893260f732
SHA3-384 hash: 2a7511bc04f5f6f50da4b6396e56e0131482e0edd7e478064f610407b6af6c0d1003828ffb6e6b020c376a15d22d6303
SHA1 hash: 0885a1d66ce2982b819ac1f0ae41867c0d137f1d
MD5 hash: 439ff883663cce424962dacc28081a01
humanhash: island-may-william-artist
File name:SecuriteInfo.com.Variant.Bulz.381218.27588.10013
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'887'744 bytes
First seen:2021-03-04 13:44:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:gL/hSzE37hV3ZrJAYxqYk6Ku+V+lUnZrkCBjNy1:MhSz+PfAYxqYq1V+Gf
Threatray 35 similar samples on MalwareBazaar
TLSH E6957D0122947F24F17E2F3B89A8E1A1D3FEFD019B02CA5F68D4759E59B1B114E4B227
Reporter SecuriteInfoCom
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
143
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Variant.Bulz.381218.27588.10013
Verdict:
Suspicious activity
Analysis date:
2021-03-04 13:48:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3579d348-89c2-4218-9d62-0a7264a1e078

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/122276/
Detection(s):
SecuriteInfo.com.Variant.Bulz.381218.27588.10013.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/628655
Signature
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Found malware configuration
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fffe3f46408bc216dfa3fbb9f927b1d6ce8c1ba48b0a7bf2d419d9893260f732/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-03-03 13:56:01 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=777d6rsarpbbnx5d7o47sj5r23hiyg5ermfhx4wudhmysmta64za._file
Verdict:
malicious
Similar samples:
0a818e0d6e682be8b8b7a4ec2becdb2de6c05d5503c6f397a63d18ccf0fa9b0f
AgentTesla
4990b0164b660d9e8966fb35fc3d5f4f30b42c7e3861a14fc9255075b129c86e
AgentTesla
6cb469942c62201df016b93c2aecb28508c3594d60b385e654c3f7f9be1e5697
AgentTesla
9885e59ed40fe0dd7227188294b241c1c4d2d488c656c2409648efeeaf560d07
AgentTesla
988bbad8a48d5a66c06478290c947492ae662576793a26028d9a87fa652b84aa
AgentTesla
a2fcf009f5042c7af4e4c1ee951773af132cea67440e0bd813e435c60bfbedf0
AgentTesla
b0f770f98c7385bdc31fdb8429b6d6e31e40a005cfdaeb9539f92eac357ba486
AgentTesla
bd784854e186a0f43ecfba7babc1f16bf5e8b42d8674e8f7af4443cefc99e719
AgentTesla
d27174550c627e2ae425db9dc83ed7cb1856034184c6ce333efcf383506abd88
AgentTesla
d772a7709f4e53addd0e12c3bdbd5759f75ce4792131004947480c84160b4a6a
AgentTesla
+ 25 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/210304-g6m4hh1s1x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Suspicious use of SetThreadContext
Drops desktop.ini file(s)
Unpacked files
SH256 hash:
f9d949d2f56c449c5d346bb93ed04d38426f563b022dd179ae330dab46682c3b
MD5 hash:
871e23d748ba756eaab5777708f250f8
SHA1 hash:
c9816d4ab38541aaab9aa3eab7cb4898d0b72e4a
Link:
https://www.unpac.me/results/cb702be7-068a-4fe0-901d-c8db3d72b181/
SH256 hash:
fffe3f46408bc216dfa3fbb9f927b1d6ce8c1ba48b0a7bf2d419d9893260f732
MD5 hash:
439ff883663cce424962dacc28081a01
SHA1 hash:
0885a1d66ce2982b819ac1f0ae41867c0d137f1d
Link:
https://www.unpac.me/results/cb702be7-068a-4fe0-901d-c8db3d72b181/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/fffe3f46408bc216dfa3fbb9f927b1d6ce8c1ba48b0a7bf2d419d9893260f732

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/122276/

Comments