MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b067f96d137ec51a531cf8f63e4f1f635c0e34b3ef1959b5e36fee449b4cc67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b067f96d137ec51a531cf8f63e4f1f635c0e34b3ef1959b5e36fee449b4cc67
SHA3-384 hash: 31b568b0ef2f10db1b7fd5b2c1abc2df479eee8d16b87637a72aad14721a8bed0ae15a9c3124d268e936a866182c9cb6
SHA1 hash: 1b84ca6d45cdf02689559b59b0d36f140b84302b
MD5 hash: 85381d9d83d9a35942dd69d9e9169dd3
humanhash: enemy-glucose-nineteen-ceiling
File name:Banca Monte Dei Paschi Di Siena S.P.A.bat
Download: download sample
Signature AgentTesla
Create hunting rule
File size:421'888 bytes
First seen:2020-04-04 12:43:08 UTC
Last seen:2020-04-04 13:31:20 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 12288:Ztn+sSbVWwiM5LBrG5jrijZ5FdBFPs0UeIOstUy7QcSRtaFM4Jw:qsSbVHF5NrG1GBB20mOstFcH
Threatray 11'055 similar samples on MalwareBazaar
TLSH 2C94E08C329072DEC927C972DEA82C60EB64B4BB5B1FC243905716ED895DA4BCF154B3
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.46310.4147.17450.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-03 14:51:11 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rmdh7fwrg7wfdjjrz6hwhzhr6y24by2lh3yzlg26g37oisnuzrtq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0936bab6d42d8ed4f6d2bcc30be32f3864376dd1da6575cabc4d681de87cb387
AgentTesla
3ddfcc0ce0a57e7f3131d0ba603d6516f00c6cf94f67e79ab38a7e8f922f74bc
AgentTesla
3de5c485f705f1cdf6088142033fb366aafa369044f74cf5a01a8c3517daa831
AgentTesla
549ebde3daa59c044fc725c988ceced294da49053f723f31cae3a0bf9c7aa93b
AgentTesla
6ffedb30fd2f317830854aca524e621357bde25efcaa12f5c718fd22ce56997a
AgentTesla
83e53d7cb2f1c24c0d05496ef742d8e8584efc8261e4f915919c0029b35d2793
AgentTesla
8acbf14306b787f2e29dd9e13e57da8cea6609a3ba9aa86e126243e690a4bf63
AgentTesla
a142c942f9a16d223b3591c321dd47b72526689fb52a883dae9952a5d53b2707
AgentTesla
a3dee8c844802a63dc44d75204347cd3eff5b4e68f365f3bba937e652b563630
AgentTesla
dcbfc03cfe9523c25ab335f599cebcbbe8f2439ef7ab973aa9ec0330e4e7d11f
AgentTesla
+ 11'045 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments