MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cebebf611d98fbf9a5775158f605007726df01d2d4622431d6137665203c22d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7cebebf611d98fbf9a5775158f605007726df01d2d4622431d6137665203c22d
SHA3-384 hash: 9f956e24b8e375b089752948f66c78aad7eb3b5dfa9ba50cebde34328f887d40194d2e33ed114843e5e4d4773dbdea41
SHA1 hash: 7a9215c6ea5e1f00060b07b06d72e4b783663476
MD5 hash: e69306bd897ad6bedb06bb844f81cace
humanhash: king-beryllium-wisconsin-moon
File name:DHL-#AWB130501923096PDF.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:415'232 bytes
First seen:2020-03-26 16:58:06 UTC
Last seen:2020-03-26 18:36:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:R3pw/l4HZDruEVuq0a/8co9PUUkoEoeOTEsHCTsw:c/KH5NVuq6fUdoEITEOCgw
Threatray 11'112 similar samples on MalwareBazaar
TLSH A194122E2398A27FD89F4B38B495424257B18367F1E3F3AD4DC5B4E259C7364870268B
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.AgenslaNET.1.12098.6574.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 13:12:04 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ptv6x5qr3gh37gsxouky6ycqa5zg34a5fvdceqy5me3wmuqdyiwq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
02338412aac57c2f4a08135cd7b9a7719519d91627ad8dc62c19c2e147a07de7
AgentTesla
2b567aa06d064901f65e5e285d5a98bf636b6804f32946d5e40b9b3e4b8dd224
AgentTesla
3c913eb5c708579a85685ccee10a9ce487c51f9da743f2100c46e3e0e88d2569
AgentTesla
3e15618bfc4d25f09945e0d56c58c85403faae1db64b55db6caacbb11e476fa9
AgentTesla
430e12161cd33ef55da30dd43639bd7924009a568d7ad67513d0051f63ae26c8
AgentTesla
829008943eff3aa587242f2dda6989e2f2b1e7cf7abcb10099071aa2444a9cb8
AgentTesla
c7839a3137610ece15b06c73cb4e9ad2b7d175630c13717649974d1965d1235c
AgentTesla
cb580aefeab71d89497055434d2e09f655bf686c8e19db6cafba62e14b9415f6
AgentTesla
de51c601d1757953b944489454503ebdb6e95d39e19e5fb13838741e46533dd6
AgentTesla
fc6d76b83d4292945015a7a7b9440f510732a070d9d1cefd26fc3d46591cca9f
AgentTesla
+ 11'102 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments