MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e5b098da7e40332ebec3a6d1195dd3f8ad749c696e8e832116b4e908865d288. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 0e5b098da7e40332ebec3a6d1195dd3f8ad749c696e8e832116b4e908865d288
SHA3-384 hash: 52fea35bba99410891dfcd65884fd761df89d838bc31721489cb63e974369e5246c60566e958ef3dc1c4df33941d2a18
SHA1 hash: 8570ec5af66af620f962f7083f85cafa0a7d467d
MD5 hash: cfacf200bc7147f9f1c58f9a025268ec
humanhash: oklahoma-early-lamp-beer
File name: cfacf200bc7147f9f1c58f9a025268ec.exe
Signature: AgentTesla
File size: 404'992 bytes
First seen: 2020-05-23 07:17:38 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:UVfgPRNzTM8oTj4QCysNiegDROaTdKANNNngZEHx0Gi/VzS4wU9O81R:USTzAH5CrNiBTLnpHx0D/Vmd
TLSH: 2C84E05571FE1316DB7AABF10BE5649D0376B46B153AF23E2C8226DA8732F008951B33
Reporter: @abuse_ch
Tags: AgentTesla exe


Twitter (@abuse_ch): AgentTesla SMTP exfil server: smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-22 23:36:41 UTC
AV detection: 22 of 30 (73.33%)
Threat level: 2/5

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments