MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bc99e45681c54f07827a4beb516cf130666b26ad1244d89dcda0a3e9c983f0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7bc99e45681c54f07827a4beb516cf130666b26ad1244d89dcda0a3e9c983f0f
SHA3-384 hash: 947fe56cf1b986c74eb52bd14179eb99e400f26fe5f49748002519ba884b57a327459683907a0c87da1d2ad77f490035
SHA1 hash: 2cb5b0baf553aeb7b14bfd466842ab40c6783a14
MD5 hash: 7f5013598e02d73ea28e48a1e3c23c12
humanhash: river-edward-michigan-apart
File name:nnnnn.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:475'136 bytes
First seen:2020-03-21 15:42:22 UTC
Last seen:2020-03-21 17:41:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 12288:LzXSfrAEmc8WHdOgRfW6UYne0Cz/ZLpo:PaEU8WHZRfXn4zNpo
Threatray 10'498 similar samples on MalwareBazaar
TLSH FFA4BE26AE70E822C5198677DAA740F5C6B0BC07ED42911B506E7D8C70F26914F8FDEE
Reporter paleoarchean
Tags:Agent Tesla AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.42874284.14845.8363.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-03-21 08:40:59 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ppez4rlidrkpa6bhus7lkfwpcmdgnmtk2ese3co43ifd5heyh4hq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
229b77e177c83589c3ff1a34d1f1f3830bb769be4ec40fee0ecd3e937850da0a
AgentTesla
264a5899c8beb1a7ea17c92b396c0f5874eb04922e6642fd1b327533cb2453e4
AgentTesla
288b7fbde289cdb538509c40328aab30920cd1cc526cb91465716f63fa699a5d
AgentTesla
2bec7ecaf6360e49bbc65ebb496cd26001e349945eff22b8e44e766a17a65b83
AgentTesla
3250b52b1862d9ba4450046a7b492b1a2fe900134764873b5a6eca9587c28eb7
AgentTesla
9860a6eb9b7294d5e2a356968555b126c3e349006601e5d9ad58e6311798038a
AgentTesla
9c8bb36e3ceccec2d985267130bad6864b1d9cc8ab286f403d17287573ff897b
AgentTesla
aaf458d72c1ec9e6a99d8b10d58f54b6ae6695277e69a768152d8b35ac0bd65f
AgentTesla
ae2ac49c5b371950d8f7c7091e8073f6dfcd4d6663244ca76dc353a0fcbad9c3
AgentTesla
f5353450e85c44b4e012983d33ff1dba5ced57cec7d38761d4298384a660629a
AgentTesla
+ 10'488 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 7bc99e45681c54f07827a4beb516cf130666b26ad1244d89dcda0a3e9c983f0f

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments