MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d532943225b4d95f3e125112bb2e2cdee16d81de8f89f6cfc22b754c47a5a16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d532943225b4d95f3e125112bb2e2cdee16d81de8f89f6cfc22b754c47a5a16
SHA3-384 hash: ccb8546844a2a7a7fcfed1b78ba777e7dca7097eb776072e93ed5cee7e2e13759d3a89340f900c0f68a229176efc1745
SHA1 hash: 8dde05c91829b32ea3be28c195e7b444a7808abd
MD5 hash: e078e809416b7702f95eadf9e218ec0a
humanhash: orange-mockingbird-thirteen-south
File name:Bank Receipt.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:526'848 bytes
First seen:2020-04-13 05:33:43 UTC
Last seen:2020-04-13 05:49:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:ShJvFJWe/miz9Z+BV4PpkCuUKQUDqtakjA43mIxgmwL51mVkL:mtJhpAUKQUDo8/+zwL52k
Threatray 10'660 similar samples on MalwareBazaar
TLSH FBB4BF2426EE5619F173AFB546E87586DBBEBD333616D40C189203CA4623F80DD91A3F
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-13 01:42:28 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hvjssqzclngzl47beuisxmxczxxbnwa55d4j63h4ek3vjrd2lila._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
12afcd370e4beae67e78b936b7ba8035642ea4e5921a332b0a8ffac8452fa0ac
AgentTesla
4e892591da59a34dbe9f193aee50de68ada3b074011a28f14323539147c554a6
AgentTesla
767093d7e2d1a9257fd480fc0c44b3988b08ea07ac4a42eb26e1b9c80349ac8f
AgentTesla
bcfe28b074cc1d9b0fb7896ee3eb4d28c240bee33cb76578f0f9f1ef90ab92e6
AgentTesla
ce65e72af04a48622898819f6b4917d1de4eeef8cee4917d4354f1e80de5796f
AgentTesla
d0c77742b157afdf17a6f216f672cac3c56c2c53220f6c3fef07fadf0da502a4
AgentTesla
dcbfc03cfe9523c25ab335f599cebcbbe8f2439ef7ab973aa9ec0330e4e7d11f
AgentTesla
f07181ecedecc14725115fc329ce7515ccba9b8da3e05eb95b793bd470e687cd
AgentTesla
f0c92379b72cf50682e6207b554234e636ea40cc31d98c9fa491c6314b20687e
AgentTesla
f8166c3c857a7a3ba99515cf6ae242a78050fba7608e24a88e2559e0063a187a
AgentTesla
+ 10'650 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments