MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 921c69d4886edf23c097a657505f576fefd52618093601e0c826bfdcd0f0f090. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 921c69d4886edf23c097a657505f576fefd52618093601e0c826bfdcd0f0f090
SHA1 hash: e5fb0b53a0fe2388224ae0e13026744a97a08bc6
MD5 hash: 6c7f5d5acffd4d473af5f47d91efeabc
File name: Remitted bank_xlsx.exe
Signature: AgentTesla
File size: 436'224 bytes
First seen: 2020-05-22 13:31:30 UTC
Last seen: 2020-05-22 15:38:53 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:MjDNk0H692upA/+0kFJlsKxg84O7AKPAw36tKiJDy:GrH3upAm/lQ8tAuJIO
TLSH: A194021566F8E316E67E87F881E0100103FA65371553EB9E4FD260D56AB3B108BB1EE7
Reporter: @James_inthe_box
Tags: AgentTesla, exe


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 21
Origin country: US
ClamAV: No detection
VirusTotal results: 33.33%

Yara Signatures

Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy

Rule name: win_agent_tesla_w1
Description: Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method