MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d3e005de2a2653aa88e129673e8996751fbeb0628a2710fe0081e424a13d4ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 8d3e005de2a2653aa88e129673e8996751fbeb0628a2710fe0081e424a13d4ff
SHA3-384 hash: 9af72a054028ec8e2379657da212c6dc2566cd4e91a25c4b38b088df60a0b649ece8649fddc3dca4a50471005bcc0174
SHA1 hash: ec03b8dfb45141ac9079bf481f83313139531fcb
MD5 hash: 385c4324119139917e9582184bd33c2a
humanhash: washington-sink-princess-single
File name: QUOTE NS-0885995 30062020.exe
Signature: AgentTesla
File size: 719'360 bytes
First seen: 2020-06-30 09:17:49 UTC
Last seen: 2020-06-30 13:35:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:2AwUxiUTMUTRjFNSXo9wWhGk3een0usLZtT:2gISh/fLs
TLSH: E1E4F72A7E84E544D13E5D3350EE195263B1ACC31637C30F2E8AB7681F712AA3E1765E
Reporter: @jarumlus
Tags: AgentTesla

Intelligence


Mail intelligence
Trap location: Global, Impact: Low
Trap location: CH Switzerland, Impact: Low
# of uploads: 2
# of downloads: 27
Origin country: US
CAPE Sandbox Detection: AgentTeslaV2
Link: https://www.capesandbox.com/analysis/17077/
ClamAV: Win.Malware.AgentTesla-7660762-0
CERT.PL MWDB Detection: agenttesla
Link: https://mwdb.cert.pl/sample/8d3e005de2a2653aa88e129673e8996751fbeb0628a2710fe0081e424a13d4ff/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Agensla
First seen: 2020-06-30 04:04:00 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 10/10
Malware Family: agenttesla
Link: https://tria.ge/reports/200630-dblzyqldra/
Tags: persistence spyware keylogger trojan stealer family:agenttesla
VirusTotal: Virustotal results 20.55%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 cd641a1bbc2a3666121c2dd5773944bc
Dropped by: SHA256 5d7de1c5f9e2f47722b0d00758a6039a78ffadcace9d205add8bcad6f7159294
Delivery method: Distributed via e-mail attachment
