MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6be58f8ff6c7e1a058e268255ff6ff3ec94b2e50a166cd8ba09ff466be82c5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 2 File information 4 Yara 3 Comments

SHA256 hash: d6be58f8ff6c7e1a058e268255ff6ff3ec94b2e50a166cd8ba09ff466be82c5f
SHA3-384 hash: 284beca9d5ac3f3a553619f3cf6e4ff1022cf0f7790671a759c6f7e87095f41c959379b4cb0a273d41e8a1c2a4619c55
SHA1 hash: eca55c3850345643af7649310df6aadf51e89122
MD5 hash: ce4ea2ae73b10c8a2b5b8af71629ad6a
humanhash: enemy-bluebird-may-wyoming
File name:Tekstil proforma Invoice no. #30742300.exe
Download: download sample
Signature AgentTesla
File size:659'968 bytes
First seen:2020-06-30 06:51:44 UTC
Last seen:2020-06-30 10:46:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 12288:v1ISWP0rV9zbwo8bMu4iaIqbtjxeWb78g5aIl8bns:v19G0Xb458jL87IlD
TLSH C7E4D001A2B8EAA2CEFE0FF5D75184119F7088792A0BDA9D5CBDF2FF28677411115887
Reporter @jarumlus


Mail intelligence
Trap location Impact
Global Low
CH Switzerland Low
NL Netherlands Low
# of uploads 3
# of downloads 32
Origin country US US
CAPE Sandbox Detection:n/a
CERT.PL MWDB Detection:agenttesla
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kryptik
First seen:2020-06-30 06:53:04 UTC
AV detection:21 of 30 (70.00%)
Threat level:   2/5
Spamhaus Hash Blocklist :Suspicious file
Hatching Triage Score:   10/10
Malware Family:agenttesla
Tags:spyware keylogger trojan stealer family:agenttesla
VirusTotal:Virustotal results 16.90%

Yara Signatures

Rule name:Agenttesla_type2
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Author:Brian C. Bell -- @biebsmalwareguy
Rule name:win_agent_tesla_w1
Description:Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe d6be58f8ff6c7e1a058e268255ff6ff3ec94b2e50a166cd8ba09ff466be82c5f

(this sample)

Dropped by
MD5 7d3c324d82c12eda6bde95327af97517
Dropped by
SHA256 22d74a97851ee257940ffba40a03c6d7714c87f77a1c5c142416a0f65877f873
Delivery method
Distributed via e-mail attachment