MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 306e5b34b75ce392b55691abcda73d75d7f8717e286cadc36c5582c7ebde621b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 4

SHA256 hash: 306e5b34b75ce392b55691abcda73d75d7f8717e286cadc36c5582c7ebde621b
SHA3-384 hash: 499c54f31aa7f2c53263091d2482e4b7bf1f6d747a78bd2a3aef9eaf16326178fef2db0fe3085d33caae622f6da80fd6
SHA1 hash: 0e6dece258315a43fff70c66e791f72f43b3e029
MD5 hash: 92fbc7e5f35eef01294f2794cbf9b306
humanhash: papa-xray-artist-december
File name: 3dfa6a80c5544e04dc1ae80da70a4223
Signature: AgentTesla
File size: 508'416 bytes
First seen: 2020-11-17 12:43:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3e0c51f5711a5619dc8763ea2a3be01d (10 x AgentTesla, 2 x AveMariaRAT)
ssdeep: 6144:/Db2WXaP9JQKQpimfEzfSERKAOyAOMZIV7uaL+C4jCaS2B9BIZUs0zWTrbLkGGwX:/DCWXckTpizfSE8cOyeC70/BxxzWTvz
Threatray: 1'322 similar samples on MalwareBazaar
TLSH: F9B4E15123E6DEF2E472027504D46F71085AB8762A7F8C7BABD58E0E8C387C141B5FA6
Reporter: seifreed
Tags: AgentTesla
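Before trusting a copy of this sample obtained from a share or a re-upload, a practitioner recomputes the identifiers listed above and checks them against the entry. The script below is an added example for this page, not MalwareBazaar code or tooling: it computes MD5, SHA1, SHA256 and SHA3-384 with the standard library and compares them with the values recorded in this entry, and it computes imphash, ssdeep and TLSH only if the third-party pefile, ssdeep and tlsh modules are installed (an assumption; they are reported as unavailable otherwise). When run without a path it hashes a constructed byte string that is deliberately not the sample, so every strong hash is expected to mismatch.

```python
#!/usr/bin/env python3
"""Recompute the identifiers a MalwareBazaar entry lists for a local file and
report which recorded values match.

Added example for this page, not MalwareBazaar code. hashlib covers
MD5/SHA1/SHA256/SHA3-384. imphash, ssdeep and TLSH need the third-party
modules pefile, ssdeep (python-ssdeep) and tlsh (py-tlsh); these are assumed
installed and are skipped if they are not.
"""
import hashlib
import sys

# Values copied from this MalwareBazaar entry.
RECORDED = {
    "sha256": "306e5b34b75ce392b55691abcda73d75d7f8717e286cadc36c5582c7ebde621b",
    "sha3_384": "499c54f31aa7f2c53263091d2482e4b7bf1f6d747a78bd2a3aef9eaf16326178fef2db0fe3085d33caae622f6da80fd6",
    "sha1": "0e6dece258315a43fff70c66e791f72f43b3e029",
    "md5": "92fbc7e5f35eef01294f2794cbf9b306",
    "imphash": "3e0c51f5711a5619dc8763ea2a3be01d",
    "size": 508416,
}


def compute_identifiers(data: bytes) -> dict:
    """Return the identifiers MalwareBazaar lists, computed over `data`.
    Import and fuzzy hashes are None when their library is missing or the
    input is not a parseable PE (imphash needs an import table)."""
    ids = {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "imphash": None,
        "ssdeep": None,
        "tlsh": None,
    }
    try:
        import pefile  # third-party; raises PEFormatError on non-PE input
        ids["imphash"] = pefile.PE(data=data).get_imphash() or None
    except Exception:
        pass
    try:
        import ssdeep  # third-party (python-ssdeep)
        ids["ssdeep"] = ssdeep.hash(data)
    except Exception:
        pass
    try:
        import tlsh  # third-party (py-tlsh); yields "TNULL" for inputs too short to hash
        digest = tlsh.hash(data)
        ids["tlsh"] = None if digest == "TNULL" else digest
    except Exception:
        pass
    return ids


def verify(data: bytes, recorded: dict) -> dict:
    """Compare computed identifiers with the recorded ones.
    Returns {name: True | False | None}; None means it could not be computed."""
    computed = compute_identifiers(data)
    report = {}
    for name, expected in recorded.items():
        got = computed.get(name)
        if got is None:
            report[name] = None
        elif isinstance(expected, str):
            report[name] = got.lower() == expected.lower()
        else:
            report[name] = got == expected
    return report


def is_same_sample(report: dict) -> bool:
    """Accept a file as this entry's sample only when every cryptographic hash
    matches. imphash is a family pivot (shared by other AgentTesla and
    AveMariaRAT builds per the entry), not proof of identity."""
    return all(report.get(k) is True for k in ("sha256", "sha1", "md5", "sha3_384"))


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        # Constructed stand-in so the script runs offline. It is NOT the sample,
        # so every strong hash is expected to report MISMATCH.
        blob = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not the AgentTesla sample"
    result = verify(blob, RECORDED)
    for name, ok in result.items():
        if ok is None:
            status = "n/a (not computed)"
        elif ok:
            status = "match"
        else:
            status = "MISMATCH"
        print(f"{name:9s} {status}")
    print("same sample as entry:", is_same_sample(result))
```

Run it as `python3 check_sample.py <path-to-downloaded-file>`; the file is treated as this entry's sample only when all four cryptographic hashes agree, while an imphash hit alone is reported separately because the entry itself shows that value shared across twelve other samples.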

Intelligence

File Origin
# of uploads: 1
# of downloads: 53
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Unauthorized injection to a recently created process
  Creating a window
  Creating a file

Result
Verdict: 0
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-11-17 12:50:20 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Unpacked files
SHA256 hash: 306e5b34b75ce392b55691abcda73d75d7f8717e286cadc36c5582c7ebde621b
MD5 hash: 92fbc7e5f35eef01294f2794cbf9b306
SHA1 hash: 0e6dece258315a43fff70c66e791f72f43b3e029

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_AgentTesla_20200929
Author: abuse.ch
Description: Detects AgentTesla PE

Rule name: MALWARE_Win_AgentTeslaV3
Author: ditekshen
Description: AgentTeslaV3 infostealer payload

Rule name: win_agent_tesla_v1
Author: Johannes Bader @viql
Description: detects Agent Tesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments