MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8bbbbb12a3c24a9f9b5c9913a5279ca04d0e3c02e6a2b8e2988c26f72b3ca0ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 8bbbbb12a3c24a9f9b5c9913a5279ca04d0e3c02e6a2b8e2988c26f72b3ca0ec
SHA3-384 hash: 9c5a47e7f052f69a88268de493464c396e5d157fb28f4dbdf45e413f9ba7c5bea319325a1640a0448e92edccd66143ef
SHA1 hash: ac48362fde1e24677eee874075949e79ad5d1d0e
MD5 hash: efc40f34ce8f5f1398daa482829e36b5
humanhash: crazy-whiskey-india-north
File name: SecuriteInfo.com.Trojan.PWS.Siggen2.52284.17854.15787
Signature: AgentTesla
File size: 738'816 bytes
First seen: 2020-08-01 13:28:39 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:3jD9fx7oqF/UEJuAth5qPSrz92KnoEct3/d:3jD9ho9EAlyzHoZv
TLSH: 4EF45A1D7AC67809D53D563288B85AD07771F1877B22C70F39CA075C9F036AB3B069AA
Reporter: @SecuriteInfoCom
Tags: AgentTesla

Intelligence

File Origin
# of uploads: 1
# of downloads: 38
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low
Geo location: IT (Italy)
Volume: Low

Vendor Threat Intelligence

Detection: AgentTeslaV2

Result
Threat name: AgentTesla
Detection: malicious
Classification: troj
Score: 51 / 100
Signature:
  .NET source code contains very large array initializations
  Creates an autostart registry key pointing to binary in C:\Windows
  Creates autostart registry keys with suspicious names
  Machine Learning detection for dropped file
  Machine Learning detection for sample
  Yara detected AgentTesla
Behaviour: behavior graph (image not included in this entry)

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-21 11:28:07 UTC
AV detection: 28 of 31 (90.32%)

Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: keylogger stealer family:agenttesla
Behaviour:
  AgentTesla Payload
  Agenttesla family

Yara Signatures

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments