MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bccc23b47532cc1b95e61602152160960a31ae993aa85bf4f8448d8ea41212dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA 2 File information Comments

SHA256 hash:	bccc23b47532cc1b95e61602152160960a31ae993aa85bf4f8448d8ea41212dd
SHA3-384 hash:	e4454d792d6abe84bc2a76cc0c99264e0c5e03bd235e18e867e8872d1f9522edf8e50a171f3134e14e82bd536a5539d9
SHA1 hash:	cfb95f6a4288409d610ef566feb80978443eb528
MD5 hash:	d9878f6c8ff72dfeed98c8c7f10dcce1
humanhash:	lemon-orange-delaware-single
File name:	Order_Confirmation.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	663'552 bytes
First seen:	2020-04-30 07:30:53 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7d9b8daa498599869f9f42804ac14a2f (1 x AgentTesla)
ssdeep	6144:xE1YVXilKJg3l1LR/vpGnURDgMmdBYDkollEYHkVUMu2EfVieU4gBhUDxJAa:qNfL5AnURiuDvHEYHqUMMdvZja
Threatray	9'903 similar samples on MalwareBazaar
TLSH	52E4BFC2AE868FA2DE874DB5967B3F844B13E211C8D26A43602C817FD4736F0567936D
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Dropper.Genkryptik-7086920-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2019-07-30 00:57:03 UTC

AV detection:

25 of 30 (83.33%)

Threat level:

5/5

Verdict:

malicious

Label(s):

agenttesla

guloader

AgentTesla

24a1e4d82d8a6b9594aa9bc4d26df0f212c6b2cf48964fdd46cdad6c03782a1f

AgentTesla

2bd4a68bf90d7d007980c8c9a6ca3859507d6f8ad00c4d53b859ffe9e7311751

AgentTesla

3174e8d8ef60806faa8b1e19a54ad0d89912ad75bbe63af481c5007af6fe1ea0

AgentTesla

3460bddb22bbd2c03da5dbcc68e6ce1d54cfb1d5991196eff039acb093d96307

AgentTesla

754b203cb7ca6224a217e4187151adb437574b95fe15fd1bb7ab887cffad8bce

AgentTesla

7e60af333b52731e98a3c49c7e0ecca12d86c8277f4e6f8f118fd021beb5acbe

AgentTesla

b295967168e9fc2f06437a12689122301171650aa213095bda2c1260d8f3c607

AgentTesla

dc186623afc0375b9ebd176481a9f37268351cac07f2825b8221124ec7ac9edc

AgentTesla

e42e9a9d0222fd8eecd5b406ceb2ab65a9c965d9f3d5d11043ea84a69349f432

AgentTesla

+ 9'893 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	win_agent_tesla_g2 Create hunting rule
Author:	Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

Rule name:	win_blackremote_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample