MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c4dc83e26db2c5aa6d945fcc8bc43ebd73ba9c1b4962e17c76b832d1b0eaf39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c4dc83e26db2c5aa6d945fcc8bc43ebd73ba9c1b4962e17c76b832d1b0eaf39
SHA3-384 hash: cdbc4fe9a9236d1233365ec2f0e78b0d2f8ffef81811ebc51de8d5a70760d37d44b9ccfdfc16ab505d98c542f2a7590b
SHA1 hash: 5d5f8b0b7ad2a0069bd2e958b98d132c052292ee
MD5 hash: e7d0b576ebf0bde26c9f61e58f23db3e
humanhash: london-bravo-november-maine
File name:Payment Advice.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'370'112 bytes
First seen:2020-04-15 16:38:42 UTC
Last seen:2020-04-15 18:14:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:6xjMvBRiFRmEfvnD5xkYgRbPPMttiiCPaR1XVIz/VJ7U6csDvM:6xgvBRQlfvtx167PriZcz/z7U6cs
Threatray 10'550 similar samples on MalwareBazaar
TLSH 1E55B53A39835448C574077500A8AEC1B37A7B893E45CB2EF19B634D9F014AF7B692DE
Reporter c_APT_ure
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.42215033.19725.16340.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-01-08 22:39:31 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jrg4qprg3mwfvjwzix6mrpcd5pltxkobwslc4f6hnobs2gyov44q._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0fabbaf7f8ad7af3888aa77b2e376db74390064ea8eea0c54fee59fdc2cd54c8
AgentTesla
350a1cceb4f399c5d7515ede00aa6c9dbf6a6d9a4b96ad87f158005d58faf567
AgentTesla
35cfc1673d87e25347c6ebd9142e0ac184a51c68392c12c3ef7ec2f2ede87874
AgentTesla
54bd5cfab1dd37a3b3c905c14768d9f2465e770a69dc0c057c2193c9ceeabed7
AgentTesla
699f0e5324e4086d23929e80bc2eafba618f503d3df37a59c8c30a79c38da858
AgentTesla
826c58de5e811796f7b77ea72b19c0e5bb61d08b51c08ad4277820eea897a613
AgentTesla
ad791a10ed33af49c6613064847d3d9614db17ad9b91e048c897781450c07ae1
AgentTesla
aea1493bc9d4796294250d7b06a160c61f4014b1ca13473f4a5877a674083772
AgentTesla
d1d14f8dd6e27ee5e2ad219935cbc367da9fa4659794bdf9938be7ffbb89a92b
AgentTesla
eeaf1a13abc40e26aa08851e533c3fe5770687b10f7194343b2110c3e8ed12e2
AgentTesla
+ 10'540 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments