MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 689e10eed6804131422d026781776edeaec42d42a35b65512d70acbc3631946b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 689e10eed6804131422d026781776edeaec42d42a35b65512d70acbc3631946b
SHA3-384 hash: dca3813c4fd563ec27451862205c2ab59457189eae53edacf1f660324cf16ae9e1d55313723a673799f38000c8887897
SHA1 hash: 99768b6662f6aeaead45a450c8adcb370816fc9f
MD5 hash: 00a0b4099169e702547795291abcf158
humanhash: cup-four-sixteen-quebec
File name:MT_Sinar Maluku V.04.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:638'976 bytes
First seen:2020-04-13 05:40:24 UTC
Last seen:2020-04-15 05:16:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:8UTP4PotKUt5/n8/G2x9l8M/7EJrwjhJrG:1VKUr/ny9lqJo
Threatray 10'556 similar samples on MalwareBazaar
TLSH 2BD4CF2439DA9059F0B7AFB537D5B6E6D9AF7F62360A905E205013874332A83DF3113A
Reporter paleoarchean
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
7
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.47118.17786.22521.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-13 04:10:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
19
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ncpbb3wwqbatcqrnajtyc53o32xmilkcunnwkujnocwlynrrsrvq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1461847eee6ba8dcadbebb76d93add24569d3d16e7ecaa2078c7eb503d43ed39
AgentTesla
21bd1e815e8a6893cff55b01202beff753c20b21594e5d9b92f91ad0dd92ba4f
AgentTesla
285dfcf7b80c7e082218135e3b93eecd1b623ef2a86c5d3bdf9c51978d1ee62f
AgentTesla
3aa90f6583dde40c643519b2baa2f5d3b3a0e5c4ab54b7e7f64cf662f8c0fabb
AgentTesla
aa0f1a940eb70b6df4c14ae0ed7c493c24e930d32fbe762dfa4988bfb8e42ea7
AgentTesla
b99b29a8131f9d846fe70bc0700d1b700e484399e5153d7819ef1305495296f6
AgentTesla
c3d2cae309fc29bc97da302dd28532093cf05fa5c2d8e05dfb1199dd69387cc6
AgentTesla
ce41ab91dfb37caeee2c7e4aaf66bc6d611b482b4ac210ae908b6d5090ad4989
AgentTesla
f70e14a49f9ddfaaf531f422e34abf77c5d856f9cfd6b7cb45609184e40f10bb
AgentTesla
f8aebcc9afaa71ce6097fb2b9dc2f412c1c98b358fce687f98f3e379216c8fe7
AgentTesla
+ 10'546 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 689e10eed6804131422d026781776edeaec42d42a35b65512d70acbc3631946b

(this sample)

  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments