MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91851769866683928386ff31be4c79c2c6a67708a3ca6ca0f564e64304d73fe9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 91851769866683928386ff31be4c79c2c6a67708a3ca6ca0f564e64304d73fe9
SHA1 hash: 143b9762a85d609557b10fd003ed90d9b6f271c7
MD5 hash: 116894c1204646ecc88c54b5e540b4a7
File name: 116894c1204646ecc88c54b5e540b4a7.exe
Signature: AgentTesla
File size: 447'488 bytes
First seen: 2020-05-23 07:16:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:mUIojnLpngTlOH3+HtrnNZxWKm+BEGKO/kQSImW3sVXltl90aFdbMgE+bEWp/YKI:V8wHONr3xVB08mWcV/jU+Jp/fq
TLSH: 9E94021926F86B2EE02E87F9D1E5100017B1727B2953F78E4EE3A4EB19777308B61917
Reporter: @abuse_ch
Tags: AgentTesla exe


Twitter
@abuse_ch
AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 26
Origin country: US
ClamAV: SecuriteInfo.com.Variant.MSILPerseus.224337.7197.24182.UNOFFICIAL
VirusTotal results: 45.83%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments