MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b99b29a8131f9d846fe70bc0700d1b700e484399e5153d7819ef1305495296f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b99b29a8131f9d846fe70bc0700d1b700e484399e5153d7819ef1305495296f6
SHA3-384 hash: 3952426e9ecc446b74dfae1cedda30077c4b7b681c2897683b611b5601516228f07498689b46f642021fe4a8b7efa6d4
SHA1 hash: 000b53a507642ecf323fcaf5b436b1661b794c03
MD5 hash: 52c0b7736e29dc3f7e586b13416b786a
humanhash: queen-golf-cold-nine
File name:D0198 INQUIRY FOR BWTS.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:616'448 bytes
First seen:2020-04-28 05:10:05 UTC
Last seen:2020-04-28 05:59:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:xf6An6InZIwWlu6msQGCS2yIiuP8w42ZdcqCxxrBigTlYl:pPn6c6QX+Iiu0w42zAxsgW
Threatray 10'549 similar samples on MalwareBazaar
TLSH 99D4E1CA3B44EE5FD1D784B86A41DE8CC5119D65423B8A07E4A33A3FB57CE93BE08152
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33737567.24210.30708.UNOFFICIAL
Create hunting rule

Win.Packed.Agenttesla-7732321-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 12:51:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
19
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xgnstkatd6oyi37hbpahadi3oaheqq4z4ukt26az54jqkskss33a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1461847eee6ba8dcadbebb76d93add24569d3d16e7ecaa2078c7eb503d43ed39
AgentTesla
1b1cfcb20bb2ea0a73543fcdf309e6110bac1663c05fe1e1b334fd4351144db8
AgentTesla
205c64751a28eba3128dc0d7a6f15934caef963bd2cfcd5898f0b7b22d72cf08
AgentTesla
21bd1e815e8a6893cff55b01202beff753c20b21594e5d9b92f91ad0dd92ba4f
AgentTesla
285dfcf7b80c7e082218135e3b93eecd1b623ef2a86c5d3bdf9c51978d1ee62f
AgentTesla
3aa90f6583dde40c643519b2baa2f5d3b3a0e5c4ab54b7e7f64cf662f8c0fabb
AgentTesla
689e10eed6804131422d026781776edeaec42d42a35b65512d70acbc3631946b
AgentTesla
c3d2cae309fc29bc97da302dd28532093cf05fa5c2d8e05dfb1199dd69387cc6
AgentTesla
ce41ab91dfb37caeee2c7e4aaf66bc6d611b482b4ac210ae908b6d5090ad4989
AgentTesla
f8aebcc9afaa71ce6097fb2b9dc2f412c1c98b358fce687f98f3e379216c8fe7
AgentTesla
+ 10'539 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments