MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 186d876a0f3218b1bcc27510279c83dc985f71ac56f99ed2ca863613527acd03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 2 File information 3 Yara 3 Comments

SHA256 hash: 186d876a0f3218b1bcc27510279c83dc985f71ac56f99ed2ca863613527acd03
SHA3-384 hash: fdd8c12cc53145cd3718428f20bb75d4f6e748ac76965629fc036eb08289f7465011fde0cfa2aef65d368fa6bad9ce18
SHA1 hash: ba8d0ff3ed80326ca54fb0241da277c4b506274a
MD5 hash: be80e2bfd8155e17c6d71da2b2d14bf8
humanhash: aspen-zulu-wolfram-mobile
File name:eInvoicing_pdf.exe
Download: download sample
Signature AgentTesla
File size:613'888 bytes
First seen:2020-06-30 12:42:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:ciWruxLGg1XGGQpcstZC4f9xuN3M4q1g+lAY0/oLa:cinLGGQpT3FvgWLa
TLSH D5D4073D3B856405D93D0A3688A45AD073B1A9873B42DB1F79D7179C6F073CB7A0A28E
Reporter @abuse_ch
Tags:AgentTesla exe

Malspam distributing AgentTesla:

Sending IP:
From: eInvoicing <>
Subject: TNT Express eInvoice notification: 09004105 - Account: 00022259
Attachment: eInvoicing_pdf.gz (contains "eInvoicing_pdf.exe")

AgentTesla SMTP exfil server:


Mail intelligence
Trap location Impact
Global Low
# of uploads 1
# of downloads 24
Origin country US US
CAPE Sandbox Detection:AgentTeslaV2
ClamAV Win.Malware.AgentTesla-7660762-0
CERT.PL MWDB Detection:agenttesla
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kryptik
First seen:2020-06-30 12:44:07 UTC
AV detection:22 of 31 (70.97%)
Threat level:   2/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:agenttesla
Tags:spyware keylogger trojan stealer family:agenttesla
VirusTotal:Virustotal results 34.72%

Yara Signatures

Rule name:Agenttesla_type2
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Author:Brian C. Bell -- @biebsmalwareguy
Rule name:win_agent_tesla_w1
Description:Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe 186d876a0f3218b1bcc27510279c83dc985f71ac56f99ed2ca863613527acd03

(this sample)

Dropped by
MD5 76e53e8039ddb93e492fdec6f4a53562
Delivery method
Distributed via e-mail attachment