MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b97868e499f94a1d62e5694dacbeead1799ae90dbb59c589d1f4552f853523ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b97868e499f94a1d62e5694dacbeead1799ae90dbb59c589d1f4552f853523ee
SHA3-384 hash: 7e8d4c40d7219da1af538e2591a6262b21e7b257d2a5cda3b8c787877f1e23344543281a484982ef0edb77eb18822a95
SHA1 hash: 27ece3628a85cfb528cc1352a726c4141cc396c7
MD5 hash: 96de1672e87701820c5cba981228b9b2
humanhash: lion-mike-oven-carpet
File name:MV YUE DIAN 8AGENT APPOINTMENT.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:681'984 bytes
First seen:2020-04-13 17:10:46 UTC
Last seen:2020-04-13 17:48:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:hw+By6ymlr2TWGXjwUxK0dIcAHUHvxOJ9rmx2y:liM0dyqr2
Threatray 11'002 similar samples on MalwareBazaar
TLSH 66E4497DFB10A18DCF1E8D324A586C5C5650B8670E16C33E18776E997A1DF43FE20AA2
Reporter c_APT_ure
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.257.27321.15439.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-07 05:42:29 UTC
File Type:
PE (.Net Exe)
Extracted files:
29
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xf4grzez7ffb2yxfnfg2zpxk2f4zv2inxnm4lcor6rks7bjvepxa._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
3013cc776662f23a7d9de513d9e69c66ddad4b2320d44fb5f9a1eb0da59ebd36
AgentTesla
36a2f14e47f2e356a86679b2d3812576257978f2e8b9d4e2c16c884f4efb38b7
AgentTesla
6885b66dac5a9d0377ccea51f5b488a334b17957120e5c067468b79ca32a73f9
AgentTesla
774cabba771d38532276d09fea65d562a9eac297737d74e937695877d21f1958
AgentTesla
852a56f32acf5fd08621425269ad1980d54d40a45a2d9ef45e535edafb078098
AgentTesla
935ed6ae88a824109924582a1b854e983b641d6912816a79f48a0c07ccb4ffc0
AgentTesla
9c762a54ea7ec5d94ffe7f65206afe72200bd72bd7f7e8abbc0f96a01365a09d
AgentTesla
a3dee8c844802a63dc44d75204347cd3eff5b4e68f365f3bba937e652b563630
AgentTesla
b412dee59d22ef0ac30f6d2ebc1431f11d085a325b67df6e39cbcaaa3fc684b6
AgentTesla
d86f9a953908ce6fd9b036ae656839577cd1c919a395005a8a08fa12cb0b2182
AgentTesla
+ 10'992 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments