MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5141cdbe92ab9cc719bbefe36250a0bf11c401ba4720cfffed89147d41085cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a5141cdbe92ab9cc719bbefe36250a0bf11c401ba4720cfffed89147d41085cc
SHA3-384 hash: 47a1254c555e21226bdc7bfc407e2611a9905eefa94c9a3384be6c37b3b8b7bcf4317b76301a35ff260baddf1bfa5c78
SHA1 hash: 77b1e3248ff52efd019a3dcff9b3862b1ef66f4e
MD5 hash: a723e565d88fec8cfca8b52d114fdd8e
humanhash: saturn-red-moon-louisiana
File name:CA858 NSO1420 RIB LB SAS.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:699'904 bytes
First seen:2020-03-20 18:01:09 UTC
Last seen:2020-03-20 19:55:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:eNF5hNvXKJgrgSUSJmrU1jVWUKi1zezN6+V2om+3SF4:eNF5hVXfrgSCUPWUKi1S0MV
Threatray 10'633 similar samples on MalwareBazaar
TLSH 86E4E006B351C694E60472BB47A0FB506716F9C3975082EF2A5E6B9BAB936C33F0C744
Reporter c_APT_ure
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.44806.23060.22299.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-03-12 05:41:14 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uukbzw7jfk44y4m3x37dmjikbpyryqa3urzaz7763ciupvaqqxga._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
08649fecb4d65bc7583496f888b9dd72da2024f30bbd4261ad6db6d19c9a1fe7
AgentTesla
117843e24f0eb9a51e16e8e4cb9d7d1ef187eed2bcab229b9952eaf6acfb81c2
AgentTesla
164e48e363fa5ab0f87e623500e1a9752deb0726e14d2dbfb8efb3fb242b0de4
AgentTesla
72102a41d1ba022e6d9a13dbb3492105bbfa8fc9707a311c81f7646653e9f11a
AgentTesla
83c6d11ba6f96505846001aa195d3daced4d9c8fd2058fc8a68a049dbd6066ea
AgentTesla
a0810f1aa16137f8a9636e120184bd49bf98b7c04dd12dc6669a1aeeb3473a9d
AgentTesla
b18e468d90e6b3495f9a7b250b0476305950b14015dcf54dba6d3723738f09ad
AgentTesla
c1020721ce654c2bce5442cccead770af69aa5fcc1d0ebe48b76d35eb17e26c5
AgentTesla
d9c40ceec2d507342f2653f3545bfb3ddd3ab65b45c4e02d5becffb0304775c0
AgentTesla
db6760631b1665a671c30a8e8c8ddeb28b76960d31485187a86f91fe48359129
AgentTesla
+ 10'623 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a5141cdbe92ab9cc719bbefe36250a0bf11c401ba4720cfffed89147d41085cc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments