MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0310713073d73da7a45ff957b3fdba84d8d6da70a91a8404c66561007d505d08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 0310713073d73da7a45ff957b3fdba84d8d6da70a91a8404c66561007d505d08
SHA3-384 hash: 32bfba89350b9f84bf57e482ee4614a9a5147423ffd4a0d8a6129ed79bb49ef601d8770a783e14cb025f05c15ce7bd38
SHA1 hash: 15b9a691f4490c3c562e8bf5639f999c4cf95313
MD5 hash: 475e1f8a737a1137a0935909184f8824
humanhash: juliet-charlie-nebraska-robert
File name: swift_7974.exe
Signature: AgentTesla
File size: 496'128 bytes
First seen: 2020-06-30 15:09:47 UTC
Last seen: 2020-06-30 16:01:26 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:RJb+RQ3tB+rXRXJh5PjutOqK+H7o8L8s+FO8eJz8X9Tl3lfNwIpNG3O5b/rQuUko:/tkPco+MNF39DlVVT/rtUkk
TLSH: 81B4E02222EC4F66D5FD8BFE687C32000B3836556537E34C9E8561DD1963BD08AAB367
Reporter: @jarumlus
Tags: AgentTesla

Intelligence


Mail intelligence
Trap location Impact
DE Germany Low
Global Low
CH Switzerland Low
IT Italy Low
# of uploads: 2
# of downloads: 34
Origin country: US
CAPE Sandbox Detection: n/a
Link: https://www.capesandbox.com/analysis/17314/
ClamAV: SecuriteInfo.com.Generic.mg.475e1f8a737a1137.31408.UNOFFICIAL
CERT.PL MWDB Detection: agenttesla
Link: https://mwdb.cert.pl/sample/0310713073d73da7a45ff957b3fdba84d8d6da70a91a8404c66561007d505d08/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Injuke
First seen: 2020-06-30 15:11:04 UTC
AV detection: 14 of 31 (45.16%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 7/10
Malware Family: n/a
Link: https://tria.ge/reports/200630-xmd9222grs/
Tags: spyware
VirusTotal: VirusTotal results 16.67%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.


  
Dropped by: MD5 559328fdb56b218cad27d07cfaed9b5b
Dropped by: SHA256 fd67ac2723f3fe324a370e8a2bdc195542df439c8acd94f5b00652687e5858df
Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments