MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bce54c823dd88b4bcb06eac2581ba7c290476786d6c76daf0f765066742e0c6f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: bce54c823dd88b4bcb06eac2581ba7c290476786d6c76daf0f765066742e0c6f
SHA3-384 hash: d0b82477c9b2035bd71fa61490c9c78d5ec0b567f4ae9450e563cfe7ec3966378dbfc58fcedac50ec9619dbc86fe3c42
SHA1 hash: cd660cf95580790d1021d69d3e11423586938c32
MD5 hash: 2181ddc7631f71f3d6809ba15f89bf49
humanhash: potato-seventeen-uncle-lamp
File name: Doc#243567298.exe
Signature: AgentTesla
File size: 588'288 bytes
First seen: 2020-06-30 12:20:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:l9OoIUhn2/SMcbdJsbUmbuPzmR1HqKn5lmacku00WRI2jGp6+KNXfJb/JN:l9OoIaoS/7oUmqPzmRHJX/X
TLSH: 12C4BE337180EBFCFEB627F3626945A00FD76F678395DA4648F80E3E0B495718A05692
Reporter: @abuse_ch
Tags: AgentTesla exe


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: pentrutimisoara.ro
Sending IP: 193.29.12.38
From: facturare@ciclop.ro
Subject: RE: Payment Inv Nr-23054166
Attachment: Doc243567298.pdf.z (contains "Doc#243567298.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 26
Origin country: FR
CAPE Sandbox
  Detection: AgentTeslaV2
  Link: https://www.capesandbox.com/analysis/17130/
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/bce54c823dd88b4bcb06eac2581ba7c290476786d6c76daf0f765066742e0c6f/
ReversingLabs
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 10:02:54 UTC
  AV detection: 21 of 31 (67.74%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage
  Score: 10/10
  Malware Family: agenttesla
  Link: https://tria.ge/reports/200630-zf4er1p8va/
  Tags: spyware keylogger trojan stealer family:agenttesla
VirusTotal: Virustotal results 12.50%

Yara Signatures

Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Sample: Executable exe bce54c823dd88b4bcb06eac2581ba7c290476786d6c76daf0f765066742e0c6f (this sample)
Dropped by: MD5 974e976611123d8d9abbd90962cab3f7 (AgentTesla)
Delivery method: Distributed via e-mail attachment

Comments