MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0de5bcc23dcfed9f7b902e5be03c518692b168180a1fc5d239c5bf01ea9be122. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0de5bcc23dcfed9f7b902e5be03c518692b168180a1fc5d239c5bf01ea9be122
SHA3-384 hash: 018bcf8d6473673fbab8d5a96a3a55f761ac0c7d22131f454a2f9e9e115bb528641f0ea815d70348bb3725044e03ec3b
SHA1 hash: fc0b249b61b7a920a96929629466a9eb45f03fee
MD5 hash: facea2b6dfa6ab71877b8c96e15e8a0b
humanhash: black-muppet-fruit-virginia
File name:vbc.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:512'512 bytes
First seen:2020-06-30 14:58:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:BfZtzcH7XFD58nkwr/lC1bx4a1/QkwK7D3mxEtHVq231bo5f2AQ78ryxf:eRD58L/lItykwK7bG8HVj3NC2
Threatray 10'604 similar samples on MalwareBazaar
TLSH F0B4CF1927F8D924D23E6336FA61415283B7E523D89AE30F1A889DE519D33CBDC87346
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/17284/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WOU.12454.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0de5bcc23dcfed9f7b902e5be03c518692b168180a1fc5d239c5bf01ea9be122/
Threat name:
ByteCode-MSIL.Ransomware.TeslaCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 14:16:29 UTC
File Type:
PE (.Net Exe)
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bxs3zqr5z7wz664qfzn6apcrq2jlc2aybip4lurzyw7qd2u34era._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
44d65b93eceec4fd2bff72984dc09943233e36583ec80198cc00bf46d90c64ee
AgentTesla
65603c7a88beb93205d2012ca8d63dba310fc0f7f91fc81300734ee3b2eb3f10
AgentTesla
75830575168e1d024a8d0c86764cb9b88eea3c79f0c4a24fb39d4e94fd2c42d7
AgentTesla
a8f1b181c37984cf41eb816ec9375d0ef94a5d6dd17f846612b9c95f4129bdc4
AgentTesla
aff3a5fa9bbbeaa48631511bfcf0a0cd9b4873cb2087acdc6e7a05fe3bfaaa2a
AgentTesla
d2b2c311da183d92a228d5bf6f5e108c6b01af4c2cd890a9aa71f6ad2353cc1c
AgentTesla
dcbd6522b7ba8bfb856038cf4dcb24782cab61a9e3ce15bbf9afcdff9c6c4f4a
AgentTesla
dd668abafa9cbdf937e710f2e2e7f6228ca99c7a226b507d43f887c03dff8509
AgentTesla
f1fddc0cfd9632772ba10b059d83a1bb34b01a81766e61804bc39ca3898c5211
AgentTesla
f4ca965db7cfd5944b5d6902f391f91f7c3994973955f2af97a91ec146977cc4
AgentTesla
+ 10'594 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/200630-ap9gxcfk3n/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Uses the VBS compiler for execution
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_w1
Create hunting rule
Author:govcert_ch
Description:Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/404644/
Cape
Cape
https://www.capesandbox.com/analysis/17284/

Comments