MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67280c8037e45ad089dd27b8c21fb346a03f49a2026a1c2c4eeef8d86cc00e9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 67280c8037e45ad089dd27b8c21fb346a03f49a2026a1c2c4eeef8d86cc00e9d
SHA3-384 hash: 8ce23c699e8038dd4bfc4eff570705e1821ac722d55d602bb59cc60abd50143638750e097a066f8e2e1cee4ed049f7e9
SHA1 hash: cf94e4939a179ee5444f897ad9e0050115b2c587
MD5 hash: 4d04c34bbfeb646ccb5f7d0c62fbb614
humanhash: nevada-twenty-connecticut-salami
File name:89041003.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:559'616 bytes
First seen:2020-03-24 06:08:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:zDQCePEXKNIaNG+PDdtKkLI3XNuhUmXHjSe+3v3N31snknDOv/au/IiwyvB:z2rIZGKkLI3khk93v
Threatray 10'484 similar samples on MalwareBazaar
TLSH 1CC4AD9C726072EFC857C472DEA92C68EB6574BB831F5113902316AE9E4C897CF184F2
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.45472.19416.31683.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 20:28:52 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
27 of 30 (90.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m4uazabx4rnnbco5e64meh5ti2qd6sncajvbylco534nq3gab2oq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
08fdccf1656b70f8bf5725536429039d536e2fa060ed2b1d689649ffb57e2cbd
AgentTesla
156725027df24f4c46f0d91fc5e24b6346562f1afa76cd5d64a854391790a20d
AgentTesla
2f2a4a900557ab71b03b6c026acaeb9f0e2d23f681c5d0ea58a9b0c493721312
AgentTesla
3acbeccd335e0141468ef85211cabec3f8cafc0583e94a0e59624905e972616d
AgentTesla
54e459b9722f9aa133e87abe7a92a8f5500cda7ba967ea9340978cee66631032
AgentTesla
e0d1c1f7fd8a8d07882ceeb4d681f9ff2b36912e9b0a8b182b3252599c2ea699
AgentTesla
e33fd03e66a31d3725c9028e7ccf5c9118dbdecef0966df6610da20cda1abf19
AgentTesla
e93f94c0bb264f3323526dcdce4efcd7e74a95f8d5b2609463a5d27c4b1200cd
AgentTesla
ef0e3fa0b391bdc3f8a6314ba3ca48cda4cea5a8e8e75f81681d70eaf4f3e39b
AgentTesla
ff4ce18a829161a6d3e62fdcc8ae87d234b8b964abf8e7cddb9f44e761ae4a7d
AgentTesla
+ 10'474 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments