MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ffa79381d00485627b0ff787fc42dd88d2d6ecff3ee3d4007733d4ec2bf69db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 2 File information 2 Yara 3 Comments

SHA256 hash: 5ffa79381d00485627b0ff787fc42dd88d2d6ecff3ee3d4007733d4ec2bf69db
SHA3-384 hash: 98bf9ca9ddc13ac05f0c5746be64df3d10ac719a7a782e50160761e7092533eb3dd146a66c5c1baed53e724da3408f7c
SHA1 hash: d3f60828a53659af7f321eb7aa2514e5b8301dfd
MD5 hash: 2bd2c679db169a9fa222a6a441c4175c
humanhash: uniform-hot-idaho-six
File name:SOA JUNE.exe
Download: download sample
Signature AgentTesla
File size:433'664 bytes
First seen:2020-06-30 14:34:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 6144:ylgoiSJHA8sKqIzun1wsQwU5b5D6aTE16Oq72lsftpehYQlw2v3Agzh0XxaSj:ylgom5Izu1ehMaQnFsfbk1w2v38xaSj
TLSH 0B94127123769B62C2BD77B8A4A250111FF3BD2B3230E26C5D9965CE0933B6097A1F17
Reporter @James_inthe_box
Tags:AgentTesla exe

Intelligence


Mail intelligence
Trap location Impact
Global Low
# of uploads 1
# of downloads 32
Origin country US US
CAPE Sandbox Detection:n/a
Link: https://www.capesandbox.com/analysis/17280/
ClamAV SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Sanesecurity.Rogue.0hr.20200630-1002.UNOFFICIAL
CERT.PL MWDB Detection:agenttesla
Link: https://mwdb.cert.pl/sample/5ffa79381d00485627b0ff787fc42dd88d2d6ecff3ee3d4007733d4ec2bf69db/
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Agensla
First seen:2020-06-30 08:14:00 UTC
AV detection:26 of 48 (54.17%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   7/10
Malware Family:n/a
Link: https://tria.ge/reports/200630-tg6xsnwz8e/
Tags:spyware
VirusTotal:Virustotal results 20.00%

Yara Signatures


Rule name:Agenttesla_type2
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_w1
Author:govcert_ch
Description:Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments