MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 942ba8391b19db4bbf53dc65cf6e170dadc6117900d468521fa69340dd575ac7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 942ba8391b19db4bbf53dc65cf6e170dadc6117900d468521fa69340dd575ac7
SHA3-384 hash: 806e8f1e4f7175afd435b7c7cb84f420e8c8bb1f7c8a66a7df0951d2317c2deedafbf03359cde00dd15dacc912a70cca
SHA1 hash: 55192d6960cd960e2ba634151a9887371c29d807
MD5 hash: 01aeec921c9f42bac1a6daeccb9146ae
humanhash: romeo-video-victor-louisiana
File name: SgYRyTQ.txt.exe_
Signature: AgentTesla
File size: 303'616 bytes
First seen: 2020-05-29 07:59:39 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep: 6144:jbZJzgOR3cotFS9eG+O2jOtSslIYCJG/Bma2YXmcHZROfnE7Ws7skSLps:jbZp/1cotFS9eO2jWPlI3JgmTYX9HTO4
Threatray: 46 similar samples on MalwareBazaar
TLSH: CB5402003BC74302D96955B080EBA47883D6EB9F3673EF777D48A39C1D522932E8D699
Reporter: oppimaniac
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-29 08:37:39 UTC
File Type: PE (.Net Dll)
Extracted files: 2
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments