MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 288130ee9ccfffd3966a3ce4c7baf1a16ddf25a7a03d8e7d9cb549f3041ebfe7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 288130ee9ccfffd3966a3ce4c7baf1a16ddf25a7a03d8e7d9cb549f3041ebfe7
SHA3-384 hash: bda9987775b0cbd24d4c5d5768cc736c224651c945330dbc9653bd51b115ecde5f58e84e829dc5c8579fd052cde70b82
SHA1 hash: 8f95d8b43310a9ab08dd4aad8a805e59f7bba7be
MD5 hash: add52381e3ba02849b8ed06cdb0d1204
humanhash: arizona-arkansas-hot-speaker
File name:Payment Advice Ref-74789269-Pdf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'342'464 bytes
First seen:2020-04-27 23:11:28 UTC
Last seen:2020-04-27 23:55:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:oJ0I0sFRmEfvnD5xkYgRbPPMttAxcgE9vyMDwcATSNM+bwVh0nT:SJ0ilfvtx167PHcgE9aGY2e+Gh0nT
Threatray 50 similar samples on MalwareBazaar
TLSH 7155C43635439448C97807B504ACEEC0B336BAC53E95CB2EB19B934C9E0155F7B2A6DE
Reporter c_APT_ure
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.42246267.23240.7847.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-01-09 08:44:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fcatb3u4z775hftkhtsmpoxrufw56jnhua6y47m4wve7gba6x7tq._file
Verdict:
unknown
Similar samples:
030ade527870e102090906fca264da749db0e0a8bb405e8aad7a58bf9cf68ba8
AgentTesla
4c4dc83e26db2c5aa6d945fcc8bc43ebd73ba9c1b4962e17c76b832d1b0eaf39
AgentTesla
5440e3ba334553d5264329b32eaab06d2bd91e4dc69b83968723d2abcc1bb3de
AgentTesla
6b532b192afbefc2bcd83ccd84517f4db88ab11916149725fbe3156e2fb87e39
AgentTesla
896152b5c1395d1a5cc2b9e57583cbba5d8ce128419d86dcdc7bd23f54bb19d4
AgentTesla
949166859d018a523b3466d403c504a868e9ebfa5526c4b4443e3ccca972be75
AgentTesla
b05eb1ace6dd219a6e5ea23d25ea88bbd672ad379ac4dcaa935acbfdece37c0b
AgentTesla
d51840953f6ba82b4285527d838e0034d9ffa1dc1de94b73ed56e5e0b33e5eb5
AgentTesla
d99bf6fbde49105ddb9326b1a8020e5b22f64afa1a81793e34dcac17b3fbac44
AgentTesla
d9f80479fda248077ba59be9cc0be526e64aeb6f3504b63979b7f4f16b191d57
AgentTesla
+ 40 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments