MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d4ece884460b1bf17b3de45eaea64b28f2bee38e8e29265816d33f134873886. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d4ece884460b1bf17b3de45eaea64b28f2bee38e8e29265816d33f134873886
SHA3-384 hash: 3de27db5502b7475aaf7766256ee6f4359c7e432c70f0213493a8765ff52d0bb9dd2a9d4f3a0ad24d3ebab294e1c6e00
SHA1 hash: edfca9e4246044ac1b2b44266c4d2d6f000b76f5
MD5 hash: 905060a53b40ca10560ac45d7804ef1d
humanhash: hotel-utah-mobile-cat
File name:Scan #00274611-04152020.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:458'752 bytes
First seen:2020-04-16 13:24:46 UTC
Last seen:2020-04-18 13:48:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'660 x AgentTesla, 19'470 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:LIfaKkG5gqzDQtMnDxy27lau2KhuUdaq+AYp:8h5g80MnDxb/huE+AYp
Threatray 10'942 similar samples on MalwareBazaar
TLSH 16A4220E52FA667FED4CD1B9905252010BB9D131BFA7FB9D9E4E92B6881F3F249005C2
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
4
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.278.26463.18383.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-16 13:35:29 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pvhm5ccemcy36f5t3zc6v2tewkhsx3ry5drjezmbnuz7cnehhcda._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
03ffe4f20fb755df6d624c00fa8146eb3870b55fa5356d25b50ebfc197f7ade4
AgentTesla
1c74ee33301b9e985ee7f8040f12678fff3743fc250cc04230e54a2150dcc642
AgentTesla
1fba149abdd13bb0e795a4c0d05eeeae6dcac70bf6168e21ac10c74453b62ba8
AgentTesla
219760dead477932b0a969b38ecc8d7ee41b2da4de72f32700f905cd705c340f
AgentTesla
328c740e1a418efd5026d7b6a60bd0f9a7a8331a41a565ba0cf96761d9f1e722
AgentTesla
6b1aade8a770446115bfaac12bd0744efa14a9115ba519cad9e979e3d2b6e7ed
AgentTesla
8425c75594dede14f2b9c7810e6c8824c7666329eee6866beed84e1f7674bc70
AgentTesla
9d4f8c3fe45181fed421f43fdf70dd51095e324b20af9ba36dbb76d74a46045f
AgentTesla
a9230f5df9036bf68439c3a2bba49e7d20290f29c2da950e79a19fe56df620c3
AgentTesla
dd1b5d3e6e56c8b5fceabda45b1a1f9a8a8da54f8cfda42b0c207d18aa0cdc5f
AgentTesla
+ 10'932 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments