MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2116630a84b913da34b2f2cb2a5d7f357a9c95c648d2ceeb582c6728e2fca9dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 2116630a84b913da34b2f2cb2a5d7f357a9c95c648d2ceeb582c6728e2fca9dc
SHA3-384 hash: f83c209127fe66086f81fdaa0c1c545e5d64d6363ca83a5380e4a9d5e6ff3449e33043ec47e5efc478c84ea4c520f31a
SHA1 hash: 277582491f24bbf73518393fee10ba110c9bf79c
MD5 hash: bf42f566819d80dce55fc66e6e43583f
humanhash: oxygen-mango-artist-friend
File name: PO.exe
Signature: AgentTesla
File size: 695'296 bytes
First seen: 2020-06-30 19:13:45 UTC
Last seen: 2020-06-30 23:57:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:5u4ojqNYf0HG4gmvPGaM0UGQU98/oW70ozTr2fbigQxDbcl3ZxrfgePwS4xF:9ojqNzGjmzWvfGfOCdZxrfgxp
TLSH: 69E4D62E7A44E605C53C5A3340EA59D067B1A5C72A23CB0F3ECA579C6E027CB3E5725E
Reporter: @James_inthe_box
Tags: AgentTesla exe


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 3
# of downloads: 37
Origin country: FR

CAPE Sandbox: Gathering data

CERT.PL MWDB
Detection: agenttesla

ReversingLabs
Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 19:11:41 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5

Spamhaus Hash Blocklist: Malicious file

Hatching Triage
Score: 10/10
Malware Family: agenttesla
Tags: persistence spyware keylogger trojan stealer family:agenttesla

VirusTotal: 39.44% of engines detect this sample

Yara Signatures

Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy

Rule name: win_agent_tesla_w1
Description: Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method