MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54e459b9722f9aa133e87abe7a92a8f5500cda7ba967ea9340978cee66631032. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54e459b9722f9aa133e87abe7a92a8f5500cda7ba967ea9340978cee66631032
SHA3-384 hash: 2d8a3b3ba1e98f47d20213364192f1d659b356c9695e6316fbdcc9fa18dfe8b110d251ed23ec708899dfd51e779e7178
SHA1 hash: ec9a8a52875ec07b193d9dcee86e3be2f079f22e
MD5 hash: cc225ef728bcb047bb546d0c62a0c426
humanhash: early-oxygen-florida-montana
File name:screenshot#2 2020-03-25at2.45.15.png.xlsx
Download: download sample
Signature AgentTesla
Create hunting rule
File size:97'061 bytes
First seen:2020-03-26 05:57:36 UTC
Last seen:2020-03-27 09:16:35 UTC
File type:Excel file xlsx
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep 1536:HO8aXZ4xj4eKHQPVtkqCPTBhKHkJiivZsel3q2lNg1doxDUfsf7sWUlLLIpHh:uVurKwttkxWkJig6eRrgTWU0wWKIth
Threatray 10'400 similar samples on MalwareBazaar
TLSH 4793128175D4401E497FACFA0BACBBD453D60793916E8E5EBAB771D20B0B8429EC9086
Reporter cocaman
Tags:xlsx

Intelligence

File Origin
# of uploads :
4
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Malware.XML.Autoload-1.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.EQAndMisCasedOleNativeWasTheCaseThatTheyGaveMe.20200215.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Document-Word.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-03-25 14:28:43 UTC
File Type:
Document
Extracted files:
13
AV detection:
26 of 47 (55.32%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
01d43d7cb3dbec2a63010278022dfc40b9ae38d39ac709e06c612635ad0fe51a
AgentTesla
238b5720f4f7c36b7eb7c7d894a94ed70caece21b28db5d02ef04040bc3681ec
AgentTesla
39f941ff6d8ec16ef4b15952ab1107b7fd652a651f75ec8ed3125bd741819b0f
AgentTesla
3acbeccd335e0141468ef85211cabec3f8cafc0583e94a0e59624905e972616d
AgentTesla
577c53f979f75e226ccd9908f2aebb38fe38667a53509565ae906b5a6bfdce28
AgentTesla
5ecfea430f1801299be4a50346c041ba396e4b7e30f635f7ec579ebf56328d80
AgentTesla
687b91945faf3353eef05a5ca2b3e5816a8f36ba82e843cbabc760e4fdcd523b
AgentTesla
8daf58146648177ecc0b8da2ee4068ef7886065792c7f6fa9eb03fc77c041e83
AgentTesla
b7f91e8b80d469bdd1ab452b999a839daff2bd5deb86d24d9a197e7a2941b604
AgentTesla
fa02a7e8922b8a0a152ff8ced55d3b005e6eac67af9d9eff7ec03192b6d1aee3
AgentTesla
+ 10'390 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SharedStrings
Create hunting rule
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples
Rule name:win_alina_pos_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_gootkit_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Excel file xlsx 54e459b9722f9aa133e87abe7a92a8f5500cda7ba967ea9340978cee66631032

(this sample)

AgentTesla

Executable exe 3acbeccd335e0141468ef85211cabec3f8cafc0583e94a0e59624905e972616d

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3acbeccd335e0141468ef85211cabec3f8cafc0583e94a0e59624905e972616d
anyrun
any.run
https://app.any.run/tasks/9fd816c0-e240-4051-9d70-493a94324a91

Comments