MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09a45b6487703113d5ccdb4864d2c7c79d82fe8acb6bb9820d4cda161549301c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 09a45b6487703113d5ccdb4864d2c7c79d82fe8acb6bb9820d4cda161549301c
SHA1 hash: 4605a81927c268f948dc22a4daf19dc808a0eb17
MD5 hash: 28b9b5f43c99f091150d29bc7a03f8af
File name: 28b9b5f43c99f091150d29bc7a03f8af.exe
Signature: AgentTesla
File size: 1'500'672 bytes
First seen: 2020-05-23 07:22:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d95adbf13bbe79dc24dccb401c12091
ssdeep: 24576:ntb20pkaCqT5TBWgNQ7acfviVQGnu9rjwmih1w+I0htN656A:kVg5tQ7acHiVQou5wmLmhD+5
TLSH: B765D01363DD8364C37E9173BA55B701AEBBB82505A1F87B2FF4093CA9201215E1E66F
Reporter: @abuse_ch
Tags: AgentTesla exe


Twitter
@abuse_ch
AgentTesla SMTP exfil server:
mail.pptoursperu.com:587

Intelligence


Mail intelligence
Trap location: Italy (IT)
Impact: Low

# of uploads: 1
# of downloads: 26
Origin country: US
ClamAV: Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
ClamAV: SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
VirusTotal: Virustotal results 46.48%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments