MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad6a160f9fad0fefa2f7ffdd0e8b5c43f62bf8983b14443b4c33115592297663. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ad6a160f9fad0fefa2f7ffdd0e8b5c43f62bf8983b14443b4c33115592297663
SHA3-384 hash: ee94900e141e682afe4fe5a84e977c8679752d0d540d56a4c39f74e92ffe5995b071b0154244aca98c9c5d0a2f9fe422
SHA1 hash: ba44b9c77293e2a50efde7be10e67301ee674dd3
MD5 hash: aca5a35b863484a94a66cb52273dbb36
humanhash: aspen-victor-victor-muppet
File name: 000102068976421xls.exe
Signature: AgentTesla
File size: 513'024 bytes
First seen: 2020-06-30 13:50:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:i1Bx4AsjWGUyYsk+ecUFMQBwd2Pr6ZYsw:i1Bx4AsKGUyrk+eR1wd
TLSH: 29B4BEB1A2190FD5D8623EF585B3A8D13F72BC9B1028C7691D2F76960A73782D063E17
Reporter: @abuse_ch
Tags: AgentTesla exe


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: relay1.mail.datacenter.nexica.com
Sending IP: 217.13.116.14
From: transferencia@bancosantander.es
Subject: Fwd: Transferencia emitida a su favor
Attachment: 000102068976421xls.gz (contains "000102068976421xls.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 36
Origin country: US
CAPE Sandbox Detection: n/a
Link: https://www.capesandbox.com/analysis/17254/
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB Detection: agenttesla
Link: https://mwdb.cert.pl/sample/ad6a160f9fad0fefa2f7ffdd0e8b5c43f62bf8983b14443b4c33115592297663/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Androm
First seen: 2020-06-30 13:52:06 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 10/10
Malware Family: agenttesla
Link: https://tria.ge/reports/200630-wtd87vbnsx/
Tags: spyware keylogger trojan stealer family:agenttesla
VirusTotal: VirusTotal results 13.70%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 70edd762c5c5ebd52987175dec271c4e (AgentTesla)
This sample: Executable exe ad6a160f9fad0fefa2f7ffdd0e8b5c43f62bf8983b14443b4c33115592297663
Delivery method: Distributed via e-mail attachment

Comments