MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a4a88659d3c4afd400027535885406c187ef780b4ac69a5f649d41b6f4a0278. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a4a88659d3c4afd400027535885406c187ef780b4ac69a5f649d41b6f4a0278
SHA3-384 hash: b3bdc54c64440a5a48b3c47efc8e9bed42999c91a09fee0a8490b85e56f434a8e688bb6c68c161a0e81e66f65039a54e
SHA1 hash: a65860e3aab9c0b3ddc85dfe637d0f20a28b082f
MD5 hash: c43712a220c16a8b4b34aa87d512841a
humanhash: eight-sierra-sierra-dakota
File name:Shipment Confirmation.pdf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:738'816 bytes
First seen:2020-04-23 14:01:03 UTC
Last seen:2020-04-23 17:07:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:WJXhe51p09ATlOF3HWR398LivZV0nS/bXqfqxwusfGHKMY2UsI9WrhPgaI:WJMriATGW7uiv30KbqiiRlMYgIA4aI
Threatray 10'616 similar samples on MalwareBazaar
TLSH E7F4F0C137E84977D6CD40FBE4410483BBBA831B9A03FF95E651A1F95C1336AA9266C3
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.bc.22121.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Cryptinject
Create hunting rule
Status:
Malicious
First seen:
2020-04-23 14:00:36 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rjfiqzm5hrfp2qaae5jvrbkanqmh554awswgtjpwjhkbw32kaj4a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1202d6110f0fa5aecf81baf88daac119a102ab05b374001005f75c86b9dd8789
AgentTesla
38e46b5031110bf9e855ae4f3d4ebb597a567a759043447bb035e9e61ec6eb9e
AgentTesla
593f6f872a3f5c378bc43383cebcf468f3469dedd09e3ad9bd0c3e6ae266549d
AgentTesla
948a9a4b496fc673f982932704127dff693ecc406254af11d1e9029f2b85553d
AgentTesla
9542111aea614cb0c9eef7850e6778a5e3d99ad6b0c92015985950a3ee4edda8
AgentTesla
a86963a2cc10f60fcf875abc6245f32e943042e5947a05d81b312d4f4f4a9b4e
AgentTesla
b93b0f1932df3b275412f8069e92abd4090a6fcbf91920924532a784d5fc3cc0
AgentTesla
cc7fd471fbfa9e9abdc8043c0ed151623675062a5373453dab344dcc895f0bb3
AgentTesla
cd900861dd2eea71d081d846a61c294e188774998b3e44f52b511c6ff279436e
AgentTesla
f1cb5ac38489df6bd48129c7b483df8990d0dc8a104f0f49a85842dd1266d163
AgentTesla
+ 10'606 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments