MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8aebcc9afaa71ce6097fb2b9dc2f412c1c98b358fce687f98f3e379216c8fe7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f8aebcc9afaa71ce6097fb2b9dc2f412c1c98b358fce687f98f3e379216c8fe7
SHA3-384 hash: 0e70ceacb1ca089ca35e52e7b181893d2497fc831b0d9b543418bd0615e1ea7c610d2c28169a09198021591b38d3a32a
SHA1 hash: 7763b38a2f9c19da1dc320c681e28fa951d7209c
MD5 hash: ab13f48dbf25d8103743ef586f325532
humanhash: network-north-timing-steak
File name:Tiger Peace V2005.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:728'576 bytes
First seen:2020-04-15 07:38:58 UTC
Last seen:2020-04-15 09:06:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:q8K3VAfQUDnDvwWXrvm3ryy3YUxqreO+AgNFXzomSOmCyaiN0mOyKtsIAlGsIVXS:qhA1D9bO3ryESbGsW
Threatray 11'010 similar samples on MalwareBazaar
TLSH 50F49D8C3650B6DFC467C8728AA46D64EB607DB7431BC603E45335EE9A2DA97CF041A3
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Generic-S.29239.14769.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-15 04:36:30 UTC
File Type:
PE (.Net Exe)
Extracted files:
17
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7cxlzsnpvjy44yex7mvz3qxucla4tczvr7hgq74y6prxsilmr7tq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
013272a7f6fd9926e268e175cfeb2bcb0aeab1573a68693c872a119bfdfa4402
AgentTesla
07236ee497bab6187ef9e5ea42f6a184a9bb32030b50d88f251a449b03890305
AgentTesla
276c169d7b842d092da93f16ae55bda7b01b0ded9bb12166b4c6eddc1dc49462
AgentTesla
67117fc3f4246985bc6982cdfc5c76bab224966c86450e12f3c00bbd65e8f911
AgentTesla
7edbcbc6081943fe92a164f8756d3f6c86a18fb913c420577c48b3d2e6bcb3a0
AgentTesla
900f0b2fc62411daadb700ddd6e58c878ba389fd18af1503f6f30f37138dc296
AgentTesla
c3d2cae309fc29bc97da302dd28532093cf05fa5c2d8e05dfb1199dd69387cc6
AgentTesla
e90113ece868954185441f939e93cab4f887465291e620753b411d043131b793
AgentTesla
ec0f65afbe2adb5bccb4d4b0fa58353791deb99e42a2583828442a68af1cd235
AgentTesla
ef47e6b46e818e6f3110202391cca1ba74b312d9e2d11dd66e62b59c60b49cda
AgentTesla
+ 11'000 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments