MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4dc2d208eac6249c467cfa21ddaf785e6259b24fcccb2d9d761a3161284074ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 1 File information 3 Yara 3 Comments

SHA256 hash: 4dc2d208eac6249c467cfa21ddaf785e6259b24fcccb2d9d761a3161284074ef
SHA1 hash: 0cbf7d923830ccea74b7a246fa585ee1845fef69
MD5 hash: a2fa080459016ae45f66d3f6e66f4ef8
File name:MT103_54,770.83USD_052020 dbs 1020.exe
Download: download sample
Signature AgentTesla
File size:449'536 bytes
First seen:2020-05-23 11:43:48 UTC
Last seen:2020-05-23 13:13:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 12288:IXm6pt/bRM/BVs13QYq0tfbWQHV2CZgXrGfZ9bGjj:QRM/BVs13uQHNgXrYN+
TLSH 1CA4021932D4926BD86D4B78ED9034151BB1BD1A3A31E305BF9BB5DE1A7B3C48500BB3
Reporter @abuse_ch
Tags:AgentTesla exe


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: ns.univ21.net
Sending IP: 211.233.62.61
From: "Ayesha Kent - Financial team DBS"<ayesha.kent@yahoo.com.sg>
Subject: Fwd: Remittance from 22-05-2020
Attachment: MT103_54,770.83USD_052020 dbs 1020.iso (contains "MT103_54,770.83USD_052020 dbs 1020.exe")

AgentTesla SMTP exfil server:
mail.cycloinstruments.com:26

Intelligence


Mail intelligence
Trap location Impact
Global Low
CH Switzerland Low
# of uploads 2
# of downloads 21
Origin country FR FR
ClamAV SecuriteInfo.com.BehavesLike.Win32.Generic.gc.4719.UNOFFICIAL
VirusTotal:Virustotal results 19.72%

Yara Signatures


Rule name:Agenttesla_type2
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_w1
Author:govcert_ch
Description:Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 4dc2d208eac6249c467cfa21ddaf785e6259b24fcccb2d9d761a3161284074ef

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments