MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be6a3c4a0636cf4d05cdc8a58a42221d4e6358460d8dd7a679aebeeafe254a06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: be6a3c4a0636cf4d05cdc8a58a42221d4e6358460d8dd7a679aebeeafe254a06
SHA3-384 hash: 17496470ea5ba705c420bc2f41a52a87a69ae1d5db2915ba79ebb2350425030c062af23f77af35bc434d4562041934b2
SHA1 hash: beeeee39d7496d6076b4aeb869acf70355b6b404
MD5 hash: 10edd461dae11be49d9c73cf57081b78
humanhash: bacon-gee-seven-berlin
File name: P.O_310006132800154200.scr
Signature: AgentTesla
File size: 436'736 bytes
First seen: 2020-06-30 07:13:23 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:ZQMId5ihKbGdt0xyFHLdj8eWIIDzjTfjUXLjt5blrwJ7:ZWdLblyFHLdj8eaDzjTfjshrW7
TLSH: 5394F114365D1A33CEA805F980C3628547F564A57863F3DA8ECE60E863D7B9C5A02F7B
Reporter: @JAMESWT_MHT
Tags: AgentTesla

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 30
Origin country: IT
CAPE Sandbox detection: AgentTeslaV2
CAPE Sandbox link: https://www.capesandbox.com/analysis/16875/
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
CERT.PL MWDB detection: agenttesla
CERT.PL MWDB link: https://mwdb.cert.pl/sample/be6a3c4a0636cf4d05cdc8a58a42221d4e6358460d8dd7a679aebeeafe254a06/
ReversingLabs status: Malicious
ReversingLabs threat name: ByteCode-MSIL.Trojan.Kryptik
ReversingLabs first seen: 2020-06-30 01:12:43 UTC
ReversingLabs AV detection: 25 of 31 (80.65%)
ReversingLabs threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage score: 7/10
Hatching Triage malware family: n/a
Hatching Triage link: https://tria.ge/reports/200630-sgrm9crkp6/
Hatching Triage tags: spyware
VirusTotal: Virustotal results 38.57%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments