MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b28e11377a023f06d0cf8035e3b2146192004b32e1d0079d01a4958b639eb0d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 0b28e11377a023f06d0cf8035e3b2146192004b32e1d0079d01a4958b639eb0d
SHA3-384 hash: ca8c088ee556f3aef1f615193a32795bf45402d8b4a2b77248a8cd6e0814c038657938b2873680ff3c1c77b6f800cb38
SHA1 hash: a92461392621be1c194df73a1566c32aae0bbd93
MD5 hash: 54c61c56674b4454fd32e775f81bd278
humanhash: stream-neptune-shade-potato
File name: DHL0117389200183PDF.exe
Signature: AgentTesla
File size: 710'656 bytes
First seen: 2020-06-30 07:13:47 UTC
Last seen: 2020-06-30 07:45:34 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:wuAzoRzTjQIr1+VEAMME3dJi0GK5JmdrwexJshsOY2GBiewTDWtBRN:wXoRHoGNJi0GK5JmdrpruyRN
TLSH: 72E4E93A7985E505C12C1A33C0EA599163B1A5833B33CB0F6EC957AC6E027DB7E17369
Reporter: @jarumlus
Tags: AgentTesla

Intelligence

Mail intelligence

Trap location     Impact
CH (Switzerland)  Low
Global            Low

# of uploads: 2
# of downloads: 34
Origin country: US
CAPE Sandbox
  Detection: AgentTeslaV2
  Link: https://www.capesandbox.com/analysis/16877/

ClamAV
  Detection: SecuriteInfo.com.CAP_HookExKeylogger.701.20571.UNOFFICIAL

CERT.PL MWDB
  Detection: agenttesla
  Link: https://mwdb.cert.pl/sample/0b28e11377a023f06d0cf8035e3b2146192004b32e1d0079d01a4958b639eb0d/

ReversingLabs
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 07:15:06 UTC
  AV detection: 22 of 31 (70.97%)
  Threat level: 5/5

Spamhaus Hash Blocklist
  Status: Suspicious file

Hatching Triage
  Score: 10/10
  Malware family: agenttesla
  Link: https://tria.ge/reports/200630-2mf39y9gtn/
  Tags: spyware keylogger trojan stealer family:agenttesla persistence

VirusTotal
  Detection rate: 26.03%

Yara Signatures

Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

This sample: Executable exe 0b28e11377a023f06d0cf8035e3b2146192004b32e1d0079d01a4958b639eb0d (AgentTesla)

Dropped by:
  MD5 6492492143ce460b568dba86baf25f9d
  SHA256 21d408ffc737dcd1098df6279efa1741bee621d27c26779a8f566e4913e0a9ac

Delivery method: Distributed via e-mail attachment

Comments