MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c278d60afb08f90ae60570f9e463a9554021f3c1bf88c9ffbfa239d77504d602. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA 3 File information Comments

SHA256 hash:	c278d60afb08f90ae60570f9e463a9554021f3c1bf88c9ffbfa239d77504d602
SHA3-384 hash:	746a0f5774ced8b3d884865439aef2bb842d68305e8fcca1dcb298024fd5f1646e737b982bae591af8d437db77824989
SHA1 hash:	1700eec91c514d7937441affdd4585aa0a8dd8fc
MD5 hash:	27f68824c54ce0aa5f86f4929b46f687
humanhash:	iowa-bakerloo-gee-green
File name:	swift_notification.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	605'184 bytes
First seen:	2020-04-30 07:33:24 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:RDv0U2UoNqqTK0fUO1kK9W/V3jHMiHegnT:R792UoYqTvGSaV3jsCn
Threatray	10'692 similar samples on MalwareBazaar
TLSH	3DD4D03F35C18F58CA451D353426BBF562F12641FB0E691D57BA938B3E80B2B7D0889A
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2019-09-05 17:03:23 UTC

AV detection:

25 of 31 (80.65%)

Threat level:

5/5

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

04a9ddb426b6bc9febd1f0fdf436cde01976a37b8c99fbbabbd0076ac4a0be92

AgentTesla

0b4b14bc3a05f06113b88f9a389517f497309b1609fa8d24d337fa4899def582

AgentTesla

1b2094d2d7015ce59416ddaf7a827d03837bde54a330dc5600ceac3f91799559

AgentTesla

1dfb1a5cfb1e690b77387b14fb1107ae9ebbeaa0e2dcd2db8e2ce640342ef6c0

AgentTesla

2c6aa8d5fd233661b6d8c0130af1a0c63539aae4c05fb03d74859ebeec3b7cc6

AgentTesla

3458232b533e946c63311cd8241c2a390868950d89c3f5e3aaac3f2413c9b82a

AgentTesla

6ef9a45a617adf0e0ff740e37c865325289a110394725c393c314a3128a2575f

AgentTesla

9539edd2ef18098078d0835ecd1f4e5e5123eef9a3931f3e989fadafb95574eb

AgentTesla

b946e20a88832d012f1f9286128213de93298da8fc2c9921042419e44479d4ca

AgentTesla

+ 10'682 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Agenttesla_type2 Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect Agenttesla in memory
Reference:	internal research

Rule name:	CAP_HookExKeylogger Create hunting rule
Author:	Brian C. Bell -- @biebsmalwareguy
Reference:	https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name:	win_agent_tesla_g2 Create hunting rule
Author:	Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample