MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29503feaa5debe98241301a773875a564f67a4183ed681bc90b582824de6944c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 29503feaa5debe98241301a773875a564f67a4183ed681bc90b582824de6944c
SHA3-384 hash: 25da0ca172b2c48276ecbb8ad7140d7fbee3fcc4f2db5e280a61d477225d9fcbf622ed70f1543dbd2dce7a64534b0bd0
SHA1 hash: c1040f04d344823e82d6514f7e2a87f81fcc9f85
MD5 hash: d93caf08a99c9ed0c4252312c25f6b38
humanhash: washington-jersey-failed-green
File name: holy.exe
Signature: AgentTesla
File size: 714'752 bytes
First seen: 2020-06-08 16:59:17 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fd8135b0036737f4378aeccc98fbd15a
ssdeep: 12288:oEv8FVujUpVTWgThfJ614X5p/iYHI0Oq8M0oko8ZiFhDF8KSpTTj/X4JFXGyv0Bc:oEEbuQ9WmD1HITPTnX4JJPKK7OWJ/L
TLSH: 4BE4AE2DF2A04837E353157D5D0B9678982EBE5D2B1419B22BE5CC0CAFB93893D37186
Reporter: @James_inthe_box
Tags: AgentTesla, exe

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 32
Origin country: FR
CAPE Sandbox:
  Detection: n/a
  Link: https://www.capesandbox.com/analysis/7124/
ClamAV:
  PUA.Win.Adware.Slugin-6803969-0
  PUA.Win.Adware.Slugin-6840354-0
  SecuriteInfo.com.Win32.Herz.B.5937.21320.UNOFFICIAL
CERT.PL MWDB: Gathering data
ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Injector
  First seen: 2020-06-08 16:58:53 UTC
  AV detection: 29 of 31 (93.55%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: VirusTotal results 38.89%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.
