MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6f525b8591da860ea5da799f9c67472f40c537547148ea1a43ff708e436835c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA 2 File information Comments

SHA256 hash:	c6f525b8591da860ea5da799f9c67472f40c537547148ea1a43ff708e436835c
SHA3-384 hash:	0e79a71f25b85dadd9560c313337293adcd651dd927e0d738a6939a516d5d7cd51d5cc37465fa68f90347910f7a71237
SHA1 hash:	e42d356360ff61547db1f10bfc08f97d7a230b41
MD5 hash:	08d70ce6272c5a88b9b49a32cde60f76
humanhash:	carpet-pizza-ohio-jersey
File name:	PO2136633--140HQpdf.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	475'136 bytes
First seen:	2020-04-29 21:07:40 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:mQN6qn5Hk12rxxjbnCt9IUgdzWNfCSshQd4:mQgqn5Iwjbny9IUgdIf
Threatray	10'613 similar samples on MalwareBazaar
TLSH	EEA4D0AC764072EFC467C93689946C20FA50B07B830BE747A49716ACDA0E9DBDF141E3
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-04-29 09:29:48 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 30 (86.67%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=y32sloczdwugb2s5u6m7trtuol2ayu3vi4ki5ineh73qrzbwqnoa._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

1b3e0ecd48429892985659b9b22f90c46824e7a006829bcfa04224fa4a13108e

AgentTesla

27e0f7e971ba78022104ace7a5b679e58cdb7ed7db9c7871362fc19a5a6ee3d8

AgentTesla

35ead1509ef16cc4518f6344a09ac4a93881ba8380a57a9f75a1c0beca41c9d6

AgentTesla

491be1f8a5ce9a806ed1338530b892a9f17c7ae1cd21464485d5945efcc65bea

AgentTesla

7c671aa708c21b23eb4ecd81a26321ca0a1052b4944450d0bccddc47fe2ca9aa

AgentTesla

9622729f9517d5a5eecd4a278ea564d750b17e300337a0f0e023c986bf0e537d

AgentTesla

a884c6f90ec51dc6d39304e05efe5820d5c11afcd90abeaca8969b4adb9448e7

AgentTesla

e79977c587a8514245a9a04ea33cf36fdad3fe08e998de38ffc8edf05337f8ba

AgentTesla

f234864e5eb23f62d55d49f8e13c81878fd61e80b9b83864f4bd10488ada1d55

AgentTesla

+ 10'603 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Agenttesla_type2 Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect Agenttesla in memory
Reference:	internal research

Rule name:	CAP_HookExKeylogger Create hunting rule
Author:	Brian C. Bell -- @biebsmalwareguy
Reference:	https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample