MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb2e619a6b39f4b2024b68cc87c58d81eed6a7ae1177ac020c01c71b2c908809. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: eb2e619a6b39f4b2024b68cc87c58d81eed6a7ae1177ac020c01c71b2c908809
SHA3-384 hash: 3543b7681c606e77c866eec291d197c6380bd9bee109448ee44f37dd42c5fbe6090dd61ec2258e8a2001ebe6d488f7dd
SHA1 hash: c0bfb679fe2d247a1de30aa2758fbbf371ec1272
MD5 hash: 407414fb84a4bcd7a73836f31162a80d
humanhash: colorado-oklahoma-wolfram-vermont
File name: 407414fb84a4bcd7a73836f31162a80d.exe
Signature: AgentTesla
File size: 423'424 bytes
First seen: 2020-06-30 06:38:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:YI0SJcO2hOZyA6rnBfIn3/ZIucDzDEiTC:YI0SJcXh7AifIn3Uvi
TLSH: 9494123533B91B75DABAA37A107121210F73BE536321D61EAD98A1DE2E73F504610F2B
Reporter: @abuse_ch
Tags: AgentTesla exe
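Before analysing or hunting for this sample, a practitioner will want to confirm that the file in hand is the one the entry describes and to look for it on endpoints. The script below is an added example, not code from MalwareBazaar or abuse.ch: it recomputes the four digests the entry publishes (SHA256, SHA3-384, SHA1, MD5), checks the file size and the MZ/PE header that the "Executable exe / application/x-dosexec" fields imply, and sweeps a directory for files whose SHA256 matches. The hash values and size are copied from the entry above; the function names (`verify_sample`, `sweep_directory`, `is_pe`) are this example's own.

```python
"""Verify a downloaded sample against the hashes on a MalwareBazaar entry.

Added example, not code from MalwareBazaar or abuse.ch. Hash values and file
size are copied from the entry above; helper names are this example's own.
"""
import hashlib
import os
import struct
from typing import Dict, Iterator, Optional, Tuple

# Indicators copied from the MalwareBazaar entry for this sample.
MALWAREBAZAAR_ENTRY: Dict[str, str] = {
    "sha256": "eb2e619a6b39f4b2024b68cc87c58d81eed6a7ae1177ac020c01c71b2c908809",
    "sha3_384": "3543b7681c606e77c866eec291d197c6380bd9bee109448ee44f37dd42c5fbe6090dd61ec2258e8a2001ebe6d488f7dd",
    "sha1": "c0bfb679fe2d247a1de30aa2758fbbf371ec1272",
    "md5": "407414fb84a4bcd7a73836f31162a80d",
}
EXPECTED_SIZE = 423_424  # "File size: 423'424 bytes" on the entry


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests MalwareBazaar publishes, hex-encoded."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def is_pe(data: bytes) -> bool:
    """Cheap structural check behind 'File type: exe / application/x-dosexec':
    an MZ DOS header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def verify_sample(data: bytes, entry: Dict[str, str] = MALWAREBAZAAR_ENTRY,
                  expected_size: Optional[int] = EXPECTED_SIZE) -> Dict[str, object]:
    """Compare a blob against an entry. Every listed digest must match; a single
    mismatch means this is not the file the intelligence describes (truncated
    download, wrong archive member, or a different AgentTesla build)."""
    digests = hash_bytes(data)
    mismatched = sorted(k for k, v in entry.items() if digests.get(k) != v.lower())
    return {
        "is_pe": is_pe(data),
        "size_ok": expected_size is None or len(data) == expected_size,
        "mismatched": mismatched,
        "matches_entry": not mismatched,
    }


def sweep_directory(root: str, iocs: Dict[str, str],
                    algo: str = "sha256") -> Iterator[Tuple[str, str]]:
    """Walk a directory tree and yield (path, digest) for every file whose
    digest equals the IOC value: a stand-in for checking an endpoint or file
    share for this sample. Files are hashed in chunks so large trees are fine."""
    wanted = iocs[algo].lower()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            h = hashlib.new(algo)
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            if h.hexdigest() == wanted:
                yield path, wanted


if __name__ == "__main__":
    import sys
    for sample_path in sys.argv[1:]:
        with open(sample_path, "rb") as fh:
            print(sample_path, verify_sample(fh.read()))
```

Run it as `python verify_sample.py 407414fb84a4bcd7a73836f31162a80d.exe`; `matches_entry` is True only when all four digests agree with the entry. Matching on the exact hash is the narrowest possible indicator, so it will find this build and nothing else; the YARA rules listed further down cover other AgentTesla builds, at the cost of needing memory or static scanning rather than a hash lookup.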


Twitter
@abuse_ch
AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 31
Origin country: US
CAPE Sandbox Detection: AgentTeslaV2
Link: https://www.capesandbox.com/analysis/16833/
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB Detection: agenttesla
Link: https://mwdb.cert.pl/sample/eb2e619a6b39f4b2024b68cc87c58d81eed6a7ae1177ac020c01c71b2c908809/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 06:17:00 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 10/10
Malware Family: agenttesla
Link: https://tria.ge/reports/200630-z7zr3qkn16/
Tags: persistence spyware keylogger trojan stealer family:agenttesla
VirusTotal: 12.33% detection

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research
Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.
