MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0de5bcc23dcfed9f7b902e5be03c518692b168180a1fc5d239c5bf01ea9be122. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara 3 Comments

SHA256 hash: 0de5bcc23dcfed9f7b902e5be03c518692b168180a1fc5d239c5bf01ea9be122
SHA3-384 hash: 018bcf8d6473673fbab8d5a96a3a55f761ac0c7d22131f454a2f9e9e115bb528641f0ea815d70348bb3725044e03ec3b
SHA1 hash: fc0b249b61b7a920a96929629466a9eb45f03fee
MD5 hash: facea2b6dfa6ab71877b8c96e15e8a0b
humanhash: black-muppet-fruit-virginia
File name:vbc.exe
Download: download sample
Signature AgentTesla
File size:512'512 bytes
First seen:2020-06-30 14:58:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:BfZtzcH7XFD58nkwr/lC1bx4a1/QkwK7D3mxEtHVq231bo5f2AQ78ryxf:eRD58L/lItykwK7bG8HVj3NC2
TLSH F0B4CF1927F8D924D23E6336FA61415283B7E523D89AE30F1A889DE519D33CBDC87346
Reporter @James_inthe_box
Tags:AgentTesla exe


Mail intelligence No data
# of uploads 1
# of downloads 33
Origin country FR FR
CAPE Sandbox Detection:n/a
CERT.PL MWDB Detection:n/a
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kryptik
First seen:2020-06-30 14:16:29 UTC
AV detection:24 of 31 (77.42%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   7/10
Malware Family:n/a
VirusTotal:Virustotal results 31.94%

Yara Signatures

Rule name:Agenttesla_type2
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Author:Brian C. Bell -- @biebsmalwareguy
Rule name:win_agent_tesla_w1
Description:Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.