MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2116630a84b913da34b2f2cb2a5d7f357a9c95c648d2ceeb582c6728e2fca9dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 2 File information 2 Yara 3 Comments

SHA256 hash: 2116630a84b913da34b2f2cb2a5d7f357a9c95c648d2ceeb582c6728e2fca9dc
SHA3-384 hash: f83c209127fe66086f81fdaa0c1c545e5d64d6363ca83a5380e4a9d5e6ff3449e33043ec47e5efc478c84ea4c520f31a
SHA1 hash: 277582491f24bbf73518393fee10ba110c9bf79c
MD5 hash: bf42f566819d80dce55fc66e6e43583f
humanhash: oxygen-mango-artist-friend
File name:PO.exe
Download: download sample
Signature AgentTesla
File size:695'296 bytes
First seen:2020-06-30 19:13:45 UTC
Last seen:2020-06-30 23:57:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:5u4ojqNYf0HG4gmvPGaM0UGQU98/oW70ozTr2fbigQxDbcl3ZxrfgePwS4xF:9ojqNzGjmzWvfGfOCdZxrfgxp
TLSH 69E4D62E7A44E605C53C5A3340EA59D067B1A5C72A23CB0F3ECA579C6E027CB3E5725E
Reporter @James_inthe_box
Tags:AgentTesla exe

Intelligence


Mail intelligence
Trap location Impact
Global Low
# of uploads 3
# of downloads 37
Origin country FR FR
CAPE Sandbox Gathering data
ClamAV SecuriteInfo.com.Variant.Zusy.195743.7977.29999.UNOFFICIAL
CERT.PL MWDB Detection:agenttesla
Link: https://mwdb.cert.pl/sample/2116630a84b913da34b2f2cb2a5d7f357a9c95c648d2ceeb582c6728e2fca9dc/
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kryptik
First seen:2020-06-30 19:11:41 UTC
AV detection:23 of 31 (74.19%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:agenttesla
Link: https://tria.ge/reports/200630-mqnhsp9kqs/
Tags:persistence spyware keylogger trojan stealer family:agenttesla
VirusTotal:Virustotal results 39.44%

Yara Signatures


Rule name:Agenttesla_type2
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_w1
Author:govcert_ch
Description:Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments