MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ad061c24c84f2447a904efc6f615937d0764e3c717505b962e11f5320c17599. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5ad061c24c84f2447a904efc6f615937d0764e3c717505b962e11f5320c17599
SHA3-384 hash: d68a6be358b3aa03e726aaecd4e5cdb27c5415416bab05aefcf6cc09cf268c6fdbc2367fd00bdc0fc7c0ccce1ab7d6d0
SHA1 hash: 79ec5e71f66516692575a9e5bb2d374c9b3b288d
MD5 hash: ec126cc0b69d2c783cadc8373585f3f0
humanhash: grey-east-juliet-seven
File name: Quotation.exe
Signature: AgentTesla
File size: 547'328 bytes
First seen: 2020-06-30 06:31:20 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:a9Ntv2x5bwzpbFq6CAWUZ99vYiXXR2fOEW6Q3h4+iZu/zeld08Rt1iO73333333W:a9U+beUr9l2WGQx4+Qu/ald0oC
TLSH: 7EC4F1B9364DAC2FC23419F88652A32417B59DB83856F3C39ED232EF55FABD50841A13
Reporter: @abuse_ch
Tags: AgentTesla exe


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: hongyuetools.com
Sending IP: 156.96.45.183
From: sales@hongyuetools.com
Subject: Re:Products Image and specifications
Attachment: Products Image and specifications.img (contains "Quotation.exe")

AgentTesla C2:
http://chr.coura7ge.com//inc/e1bc43098f6001.php
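The indicators in this entry (the four file digests, the C2 URL, the sending IP and the sender's domain) are the kind of thing a responder turns into a hunt. The script below is an added example written for this page; it is not part of the MalwareBazaar entry or of the reporter's tweet. It transcribes the indicators into a dictionary, hashes a file in one streaming pass so a retrieved sample can be confirmed against the entry, and runs a simple match over a few log lines. The log lines and their timestamps are constructed for the demonstration and are not real observations.

```python
import hashlib
import io
import re
import sys
from urllib.parse import urlsplit

# Indicators transcribed from this MalwareBazaar entry.
IOCS = {
    "hashes": {
        "sha256": "5ad061c24c84f2447a904efc6f615937d0764e3c717505b962e11f5320c17599",
        "sha3_384": "d68a6be358b3aa03e726aaecd4e5cdb27c5415416bab05aefcf6cc09cf268c6fdbc2367fd00bdc0fc7c0ccce1ab7d6d0",
        "sha1": "79ec5e71f66516692575a9e5bb2d374c9b3b288d",
        "md5": "ec126cc0b69d2c783cadc8373585f3f0",
    },
    "c2_url": "http://chr.coura7ge.com//inc/e1bc43098f6001.php",
    "sender_ip": "156.96.45.183",
    "sender_domain": "hongyuetools.com",
}

CHUNK = 1 << 20  # read 1 MiB at a time so large samples are not loaded whole


def hash_stream(fileobj):
    """Compute all four digests listed in the entry in a single pass over a file object."""
    digests = {name: hashlib.new(name) for name in IOCS["hashes"]}
    for chunk in iter(lambda: fileobj.read(CHUNK), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (e.g. an attachment extracted from a mail)."""
    return hash_stream(io.BytesIO(data))


def match_hashes(observed, expected):
    """Return the sorted list of algorithms whose digest equals the entry's value."""
    return sorted(alg for alg, h in expected.items()
                  if observed.get(alg, "").lower() == h.lower())


# Constructed log lines for the demonstration (not real proxy or MTA output).
SAMPLE_LOGS = [
    '2020-06-30T07:02:11Z proxy src=10.0.0.23 method=POST url=http://chr.coura7ge.com//inc/e1bc43098f6001.php status=200',
    '2020-06-30T07:02:12Z proxy src=10.0.0.23 method=GET url=https://www.example.com/ status=200',
    '2020-06-30T06:29:50Z mta client=156.96.45.183 helo=hongyuetools.com from=sales@hongyuetools.com attach="Products Image and specifications.img"',
    '2020-06-30T06:30:10Z mta client=203.0.113.7 helo=mail.example.net from=alice@example.net attach="invoice.pdf"',
]


def scan_logs(lines, iocs):
    """Flag log lines that touch the C2 host, the sending IP, or a .img attachment from the sender domain.

    Returns a list of (1-based line number, [reasons]) for lines that hit.
    """
    c2_host = urlsplit(iocs["c2_url"]).hostname
    # Anchor the IP so 156.96.45.183 does not also match 156.96.45.1830 or 1156.96.45.183.
    ip_re = re.compile(r"(?<![\d.])" + re.escape(iocs["sender_ip"]) + r"(?![\d.])")
    hits = []
    for n, line in enumerate(lines, 1):
        lower = line.lower()
        reasons = []
        if c2_host and c2_host in lower:
            reasons.append("c2 host " + c2_host)
        if ip_re.search(line):
            reasons.append("sender ip " + iocs["sender_ip"])
        if re.search(r"\.img\b", lower) and iocs["sender_domain"] in lower:
            reasons.append(".img attachment from " + iocs["sender_domain"])
        if reasons:
            hits.append((n, reasons))
    return hits


if __name__ == "__main__":
    # Optional: pass a file path to check it against the entry's digests.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            observed = hash_stream(f)
        print("matching algorithms:", match_hashes(observed, IOCS["hashes"]) or "none")
    for n, reasons in scan_logs(SAMPLE_LOGS, IOCS):
        print(f"log line {n}: {'; '.join(reasons)}")
```

Matching on the C2 hostname rather than the full URL is deliberate: the path component of an AgentTesla panel URL is per-campaign and easy to rotate, while the host is what a proxy log will most reliably preserve. Comparing digests case-insensitively avoids false negatives when another tool reports uppercase hex.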

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 29
Origin country: FR

CAPE Sandbox
Detection: AgentTeslaV2
Link: https://www.capesandbox.com/analysis/16825/

ClamAV
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL

CERT.PL MWDB
Detection: agenttesla
Link: https://mwdb.cert.pl/sample/5ad061c24c84f2447a904efc6f615937d0764e3c717505b962e11f5320c17599/

ReversingLabs
Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 06:33:05 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Spamhaus Hash Blocklist
Malicious file

Hatching Triage
Score: 10/10
Malware Family: agenttesla
Link: https://tria.ge/reports/200630-e5n3d7m9s2/
Tags: spyware keylogger trojan stealer family:agenttesla

VirusTotal
Virustotal results 38.36%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  AgentTesla
    Executable exe 5ad061c24c84f2447a904efc6f615937d0764e3c717505b962e11f5320c17599 (this sample)

Delivery method: Distributed via e-mail attachment
