MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f297e7cd13f8c61812d94c95a79e704f16317c5ea23dc9bd475c57c2f87a303. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6f297e7cd13f8c61812d94c95a79e704f16317c5ea23dc9bd475c57c2f87a303
SHA1 hash: 32139221a95c4a6c67e8fe2e2b96bcec5d3d2c34
MD5 hash: 52e9d3f17c1258e91ce30e3fab408252
File name: 52e9d3f17c1258e91ce30e3fab408252.exe
Signature: AgentTesla
File size: 2'257'408 bytes
First seen: 2020-05-23 15:25:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d95adbf13bbe79dc24dccb401c12091
ssdeep: 49152:XVg5tQ7a+lKO3FBX7EuFxClFNsihCGhV3PlywXM+5:lg56/Brxw5CGL3Plp8
TLSH: 52A5012263DD8360C3B25273BA56B741AEBF782506A5F46B2FD4093DF860122525FB73
Reporter: @abuse_ch
Tags: AgentTesla exe


Twitter
@abuse_ch
AgentTesla SMTP exfil server:
smtp.coffiices.com:587

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 22
Origin country: US
ClamAV: Sanesecurity.Malware.27686.AidExe.UNOFFICIAL, SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
VirusTotal results: 52.11%
ReversingLabs: No data

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.