MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 011e126e399a156f6af0c60b643873d69b2fa86d0ec90d5d1742aabe88759295. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 011e126e399a156f6af0c60b643873d69b2fa86d0ec90d5d1742aabe88759295
SHA1 hash: df6e05397233c20091c53f3072049acbb7b83af2
MD5 hash: 38b3b896e9cc3fb9c3061df66f65d3c3
File name: 38b3b896e9cc3fb9c3061df66f65d3c3.exe
Signature: AgentTesla
File size: 401'408 bytes
First seen: 2020-05-23 07:17:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:R496ydGBeelif+xKyHUxUGgMrz3rlykym+AuiPuvobmJKUUJp8oJ:69nGM8x8gMrlyEPzPuAbmJLU
TLSH: F384D052B0FE1756D776EBF10BE4286D07B6B46B657AF2381C8152CA9672F00C990B33
Reporter: @abuse_ch
Tags: AgentTesla exe

AgentTesla SMTP exfil server:


Mail intelligence: No data
# of uploads: 1
# of downloads: 24
Origin country: US
VirusTotal: Virustotal results 34.72%
ReversingLabs: No data

Yara Signatures

Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy

Rule name: win_agent_tesla_w1
Description: Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.