MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b52d4177277851b95c5cdf08bf2e3261c7ac80af449da00741c83bcf6c181d67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b52d4177277851b95c5cdf08bf2e3261c7ac80af449da00741c83bcf6c181d67
SHA3-384 hash: dc14e4f508a8a97a4eb3a12106aa160eee36ea8f29b9777eaa9946ee195c874ddfd626adbe7465ca13fbb57551b5307b
SHA1 hash: 78bfb65d32d9026aa5580f4458cfc1d391a21b30
MD5 hash: 42b909b1cd656a33b789aaae7c859639
humanhash: bluebird-beryllium-edward-kitten
File name:Echelon.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:808'448 bytes
First seen:2020-05-03 13:30:19 UTC
Last seen:2020-05-03 14:51:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 12288:x8V2JtvGVkNLvuvd/XyhTycowQp/BDPcSelc8ODBeLVzeNpwNCkolML:x8V27vokNLQyhFoVdJOlc8msV0ECkvL
Threatray 19 similar samples on MalwareBazaar
TLSH 5505022873D88F14E6BE8DBAB47046158B39F1639D83E75F4E8090DA29327199D11FB3
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.MSILPerseus.214709.31930.14139.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Coinstealer
Create hunting rule
Status:
Malicious
First seen:
2020-05-03 13:29:49 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wuwuc5zhpbi3sxc434el6lrsmhd2zafpiso2ab2bza5463aydvtq._file
Verdict:
unknown
Similar samples:
496b5885ff8f521c91ca037338e188ea0374bf86816d0c804d3010fd2f5fec38
AgentTesla
5b24309c73efe765123f586a6b3c522a3a2438ddc372819ab9035cc2eaff1257
AgentTesla
5fba5879d38cea0fd0f956b583c7b5ecd0105928d26315935d4f7a8f9797d885
AgentTesla
6ed8e078433a7e7938f2084f83a640d707708ac99a246b31736bd22327664668
AgentTesla
8a4214d3c69df6a10e057fe1071e6bbb2ebd463bf3e73b9c66c3cbf3f31839b2
AgentTesla
9254faf90ebf9e32ea3f024c10a212c03d7c2bef3169bd0710b3e45e7d18e03f
AgentTesla
99ee06f5fb4f0aa90678d6a6405d2d01138bcd128c6d2aabecda07c110361ba2
AgentTesla
e81e9dfe89a98449992b1ca9e4acb9905b606dc3de186b9de94241bde3b230be
AgentTesla
e8bcd430d48c430ced6992340cbce21ffc1a4d8cc60e6255b76870d33a5ea6b9
AgentTesla
fdf29de5bc715feaa80709bdddd59b8293aa538d257ba9dd6a287d065ecb68a8
AgentTesla
+ 9 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments