MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6be58f8ff6c7e1a058e268255ff6ff3ec94b2e50a166cd8ba09ff466be82c5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d6be58f8ff6c7e1a058e268255ff6ff3ec94b2e50a166cd8ba09ff466be82c5f
SHA3-384 hash: 284beca9d5ac3f3a553619f3cf6e4ff1022cf0f7790671a759c6f7e87095f41c959379b4cb0a273d41e8a1c2a4619c55
SHA1 hash: eca55c3850345643af7649310df6aadf51e89122
MD5 hash: ce4ea2ae73b10c8a2b5b8af71629ad6a
humanhash: enemy-bluebird-may-wyoming
File name: Tekstil proforma Invoice no. #30742300.exe
Signature: AgentTesla
File size: 659,968 bytes
First seen: 2020-06-30 06:51:44 UTC
Last seen: 2020-06-30 10:46:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:v1ISWP0rV9zbwo8bMu4iaIqbtjxeWb78g5aIl8bns:v19G0Xb458jL87IlD
TLSH: C7E4D001A2B8EAA2CEFE0FF5D75184119F7088792A0BDA9D5CBDF2FF28677411115887
Reporter: @jarumlus
Tags: AgentTesla
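Before trusting a copy of this sample pulled from a share or a mailbox, re-derive the identity hashes listed above and compare them against the entry. The script below is an added example, not MalwareBazaar's own tooling: it streams the file through the hashlib algorithms the entry lists (MD5, SHA1, SHA256, SHA3-384; imphash, ssdeep and TLSH need third-party libraries and are left out), checks the file size, and reports per-algorithm matches. The expected values are copied from this entry; the fallback input in the `__main__` block is a constructed stand-in, not the malware.

```python
"""Re-verify a sample's identity hashes against this MalwareBazaar entry."""
import hashlib
from typing import Dict, Iterable, Tuple

# Hash values and size copied from the MalwareBazaar entry above.
EXPECTED_HASHES = {
    "md5": "ce4ea2ae73b10c8a2b5b8af71629ad6a",
    "sha1": "eca55c3850345643af7649310df6aadf51e89122",
    "sha256": "d6be58f8ff6c7e1a058e268255ff6ff3ec94b2e50a166cd8ba09ff466be82c5f",
    "sha3_384": "284beca9d5ac3f3a553619f3cf6e4ff1022cf0f7790671a759c6f7e87095f41c"
                "959379b4cb0a273d41e8a1c2a4619c55",
}
EXPECTED_SIZE = 659968  # bytes


def hash_stream(chunks: Iterable[bytes]) -> Tuple[Dict[str, str], int]:
    """Feed every chunk to all hashlib algorithms at once (one pass over the
    data) and return ({algorithm: hex digest}, total size in bytes)."""
    hashers = {name: hashlib.new(name) for name in EXPECTED_HASHES}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return hash_stream([data])[0]


def hash_file(path: str, chunk_size: int = 1 << 20) -> Tuple[Dict[str, str], int]:
    """Hash a file in 1 MiB chunks so large droppers are not read into memory."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return hash_stream(chunks())


def compare_hashes(computed: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match map; hex digests are compared case-insensitively
    because feeds and reports disagree on casing."""
    return {
        name: computed.get(name, "").lower() == digest.lower()
        for name, digest in expected.items()
    }


def verify_sample(path: str,
                  expected_hashes: Dict[str, str] = EXPECTED_HASHES,
                  expected_size: int = EXPECTED_SIZE) -> Dict[str, bool]:
    """Return a match map for every listed hash plus the file size.
    Treat the file as this sample only if every entry is True; a lone
    MD5 or SHA1 hit is not sufficient identity evidence."""
    computed, size = hash_file(path)
    matches = compare_hashes(computed, expected_hashes)
    matches["size"] = size == expected_size
    return matches


if __name__ == "__main__":
    import sys
    import tempfile

    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        # Constructed stand-in file (not the real sample): shows a mismatch report.
        with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as tmp:
            tmp.write(b"MZ this is a placeholder, not the AgentTesla sample")
        target = tmp.name

    report = verify_sample(target)
    for name, ok in report.items():
        print(f"{name:9s} {'match' if ok else 'MISMATCH'}")
    print("identity confirmed" if all(report.values()) else "not this sample")
```

Run it as `python verify.py <path>`; without an argument it hashes the constructed placeholder and prints a full mismatch report. Mixed results (for example only MD5 matching) mean either a transcription error in the hash you were given or a different file, so the SHA256 line is the one to rely on.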

Intelligence


Mail intelligence
Trap location | Impact
Global | Low
CH Switzerland | Low
NL Netherlands | Low
# of uploads: 3
# of downloads: 32
Origin country: US
CAPE Sandbox Detection: n/a
Link: https://www.capesandbox.com/analysis/16842/
ClamAV: SecuriteInfo.com.Trojan.GenericKD.34094106.4502.14569.UNOFFICIAL
CERT.PL MWDB Detection: agenttesla
Link: https://mwdb.cert.pl/sample/d6be58f8ff6c7e1a058e268255ff6ff3ec94b2e50a166cd8ba09ff466be82c5f/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 06:53:04 UTC
AV detection: 21 of 30 (70.00%)
Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage Score: 10/10
Malware Family: agenttesla
Link: https://tria.ge/reports/200630-4b4z4hm2l6/
Tags: spyware keylogger trojan stealer family:agenttesla
VirusTotal results: 16.90%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Relationship graph (as shown on the entry):

Parent: 22d74a97851ee257940ffba40a03c6d7714c87f77a1c5c142416a0f65877f873 (AgentTesla)
  -> drops Executable exe d6be58f8ff6c7e1a058e268255ff6ff3ec94b2e50a166cd8ba09ff466be82c5f (this sample)

Dropped by (MD5): 7d3c324d82c12eda6bde95327af97517
Dropped by (SHA256): 22d74a97851ee257940ffba40a03c6d7714c87f77a1c5c142416a0f65877f873
Delivery method: Distributed via e-mail attachment
