MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 921c69d4886edf23c097a657505f576fefd52618093601e0c826bfdcd0f0f090. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 921c69d4886edf23c097a657505f576fefd52618093601e0c826bfdcd0f0f090
SHA1 hash: e5fb0b53a0fe2388224ae0e13026744a97a08bc6
MD5 hash: 6c7f5d5acffd4d473af5f47d91efeabc
File name: Remitted bank_xlsx.exe
Signature: AgentTesla
File size: 436'224 bytes
First seen: 2020-05-22 13:31:30 UTC
Last seen: 2020-05-22 15:38:53 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:MjDNk0H692upA/+0kFJlsKxg84O7AKPAw36tKiJDy:GrH3upAm/lQ8tAuJIO
TLSH: A194021566F8E316E67E87F881E0100103FA65371553EB9E4FD260D56AB3B108BB1EE7
Reporter: @James_inthe_box
Tags: AgentTesla, exe

Intelligence


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 2
# of downloads: 21
Origin country: US
ClamAV: No detection
VirusTotal results: 33.33%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Other

Comments