MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fc89c08916cfdbc1f950304f39fb0039437bf720a7dcf4e236636cb004caf9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 7fc89c08916cfdbc1f950304f39fb0039437bf720a7dcf4e236636cb004caf9c
SHA3-384 hash: ba359e87f2741f84e458320197cd63c0cc9bfa89106e45f9e04b104e025378b11047044f922e2efe1e1184214ebece90
SHA1 hash: 40a93953f8b744f41136f4728b77d936d9bab568
MD5 hash: be8ecf5fc8fc6564c01a30e872bbe4b9
humanhash: november-gee-neptune-sink
File name: vbc.exe
Signature: AgentTesla
File size: 463'872 bytes
First seen: 2020-06-25 05:22:50 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:3TMX4ANiW5r0No6S4U9y2wuKdZcay+o5uobf:DXANiW5s58wuKdZauobf
TLSH: DFA4021A376C6A23C67D0DF598C11B4063B97EAB3292F6CD6C8466A411D3FFA16213C7
Reporter: @jarumlus
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Detection: AgentTeslaV2
Result
Verdict: Malware
Behaviour
Launching a process
Creating a file
Using the Windows Management Instrumentation requests
Unauthorized injection to a system process
Gathering data
Result
Malware family: n/a
Score: 7/10
Tags: spyware
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Uses the VBS compiler for execution
Reads user/profile data of web browsers
Reads user/profile data of local email clients

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_g2
Author: Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 7fc89c08916cfdbc1f950304f39fb0039437bf720a7dcf4e236636cb004caf9c (this sample)

Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments