MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 18


Intelligence 18 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328
SHA3-384 hash: 683d152ad3dfee507cfda510c07874ab2adacc1d0b19f4dcdd7a6b70da52320ecec70ab6f46f4c04dbb22607388f2add
SHA1 hash: c905d742fe3fdf245423e3fbbc1d8898c5134cee
MD5 hash: 7c3393719b6d048923f447fa8368fcdd
humanhash: happy-harry-tennis-speaker
File name:AQUAVITA AIM - VSL's PARTICULARS.docx.scr
Download: download sample
Signature AgentTesla
Create hunting rule
File size:756'224 bytes
First seen:2024-08-20 06:13:08 UTC
Last seen:2024-08-20 07:29:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'648 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 12288:LWkyCwgqaVou/0PlJ4zpVfaqdsq8+o/PAymx7JRdmKF3H/wL4qRPVNsP2IT2zZxK:LuC/qaSu/KJ4zpJxOqq/mx77k0HEXnNt
Threatray 3'931 similar samples on MalwareBazaar
TLSH T162F4129857018C17CBCA9BB454C0C77CA2B28D5E9253E342DDDAEEFBB6667B19421083
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):PE icon
dhash icon 806cce9c90c06488 (7 x Formbook, 6 x AgentTesla, 5 x SnakeKeylogger)
Reporter threatcat_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
381
Origin country :
CH CH
Vendor Threat Intelligence
Malware family:
agenttesla
Create hunting rule
ID:
1
File name:
AQUAVITA AIM - VSL's PARTICULARS.docx.scr
Verdict:
Malicious activity
Analysis date:
2024-08-20 06:15:09 UTC
Tags:
netreactor evasion stealer ftp agenttesla exfiltration
Link:
https://app.any.run/tasks/eda474e8-e847-4467-b2f0-e148ecf64350

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.BackDoor.AgentTeslaNET.27.18594.14475.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66c4342bb2a4681a72965a71
Tags:
Discovery Execution Infostealer Network Stealth Gensteal
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Agent Tesla
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fe452153-7934-4ab3-ba05-d395e746770b
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1495428
Signature
Adds a directory exclusion to Windows Defender
AI detected suspicious sample
Antivirus / Scanner detection for submitted sample
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2024-08-20 06:14:05 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
29 of 38 (76.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zhymlfpgf3rrwf7bwywmppsvdioni3btswrif7vnfe5fam3himua._file
Verdict:
malicious
Label(s):
agenttesla_v4
Create hunting rule
agenttesla
Create hunting rule
Similar samples:
053c940f835b1c6624b6b0421b680da5c984b056734db107a7d6c8dfbe1837fd
AgentTesla
0899638cfa6353884fd28f5e4e99d61439ad14e53956b68e1b37253eede542a5
AgentTesla
8acf98103ca250e8dd4d0e507e87c51085de89a0faf2955fbc419d9354b3793a
AgentTesla
8e3db35284b6e1ea560c14a69ea4dfd6ef8e27fe9974a609116d00f2d764bfeb
AgentTesla
c1da889268db3a1dd91eda6f8696a9f9f6750012cf40f14fc3b38fc0d831610d
AgentTesla
e7864a121c2abe3f5398b03986d53cef01044dc8ba32e0cd30448d3ae8a78112
AgentTesla
fcb4c6602aeea8229338eab9ed2deb97c27e07601791ef19c7e43a830079e416
AgentTesla
+ 3'921 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla credential_access discovery execution keylogger spyware stealer trojan
Link:
https://tria.ge/reports/240820-gza2faxbqg/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
Credentials from Password Stores: Credentials from Web Browsers
AgentTesla
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b5c739a0-1924-4ab5-bdb6-2c1f3a938d3b
Unpacked files
SH256 hash:
8ded42c9497f99dd8b747b8da9c7963e6fa3d6e7f3622ef1fbaa04b50efe9d17
MD5 hash:
7017a883e86a0e5bdc2ab2d18534cdf9
SHA1 hash:
b40fc9e21fa53ddc9b4ff6cafc7d0b591bfc34a8
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/7e62226f-2fe2-441a-aea0-1a706165a491/
Parent samples :
8f81ed1c250530c6a24f60a8f0c39f48bd2c98f08e6100bc8f844fc3a53c6909
7534c32fa2dff5d752801f84545c23d8c09b7b8a698a61169a9e1a851699120c
7e9e2285a304449495c336285f1f7f0153c175ab2cd5c35492d6565d89c8c137
6cc066c3a33644d8a54496de97374b7a8804b490f7d3ca66c62c1bc6cb695fa5
72e7a39bce46e45402cbb4ae13053d57e87a62b06b53164acbe8c18ccf7dc696
db87b7e683d92aa8d013663c6bc6ba116023af2cb7f9ec6c2ad88694235f2b12
d6cbd0b24b82cebe1a66094b0678d66c5f508f5a1c98d7143de9d1871daeffc3
72e3890b8af3c836705f640704aa03680b1092e5c021a2bfff35d931062bfd89
13f0a05e86fdf85e8891b494574421ff3da0be5e7a71e48f7e32f6c9f35eb2f7
7d50338fe1feeb6944bfd552e44f266d764dafc089b853a6ee24f67ef322c124
9e6875db397f7d76fcae09d39360a73237b11b1fbfcfa7275bb7fe7cf0d87df8
943d44f043396e794716c4d82c4345e749eead0807592339cdde186a7bd83c51
a76d6e19ac59db6afea91b625c29f06f25316ccb74e1b7bdd59c68cb0aefac34
b9996528bea4f182b005ba60e72f604602f0749e5b083a013d6096a3960052d2
00082a148e8eb6745164c0cbf7c142539ada8fb4004deb8b3ae028b7181c552b
053c940f835b1c6624b6b0421b680da5c984b056734db107a7d6c8dfbe1837fd
8e3db35284b6e1ea560c14a69ea4dfd6ef8e27fe9974a609116d00f2d764bfeb
e7573cb6869df680fa42552e27b1a6bd2cd5a76c48b1660a41897dc30a0e53ba
f8353eb981e7fce8af5663a30b6ad844d44d7eda87ff717f85f0046e3c065985
ee6a1171d804498d93b3877e1649a3f0075ffad676875c875e4778823323692e
35a9609805bde63b4e22255d365fc6a61724fcb9f8456899bb085b76f0160d5d
d00af7d1aa35864537045299a782f3b010d5fe3a7e40bbe04846a2baa07a93a3
75a2f037e46961ac9e70ac8a8d52f06b4b20786ac7ac596abbb039c6a2715430
d3c4f42060fe5520553f915832b413f6f8f0f55307646f86b44b150389069463
40cebb630f935210e93b1e5569a1181a0c19cee3c4c129550dece7add29f27b6
f5dcef48d10d26c35b7123ed8b8281eb18b0aabd2fba48509da1d75732804d0d
013f695b5ec6d00214cc5835bb446a73382871e90cb17c6d8922c3b3ef7484c5
8b9ed7cbe84b68a9b190a2cfc34c605bc1e2f3851f8eeeb84d4313d8b42431ff
c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328
046735ced511c1064c2ea51fe6fd55ea1dc5a2d19e608bea4c8df9f8f376a78d
29fc4ec2272e265faf58a71365d463e953c20dcfa192b6208a1fd6ddd25a7f11
4da4d8e83255158a09663b9da8faaecae3a0a9175571aee37567f224cb34e694
d100685c3e62fde73e33854186142c68d4fdab117a4c2eb11a1c73dc362a1277
81ed143389ad903c7669aa1da459fbda5b0d93a157ddddb7ddc1ff8e22b97e96
e762546dc786deba408a71f5cb8369a84e56e07c21e75ac56a4a7dad522b28af
878f318722d59f4bf5e617bf4daef2f12f539170f16d5b263d816a03b9d5107c
1ee774ec1cf70a9cbb1a383d7c7c61156308d936e070a0b8e726b9892dde2ca9
ae284655948354c6ed48e95cf2aaa058d376ed19d2aa69aa38eecea72ee2f576
6fce035d54888d7895091ecee886b64043cbcb5cdb410457411ae156a822973c
576f4658c5c58273967350871dfd6d60e64d54d772c812f8507de67d4784f6ff
03bc82a58bda7eff17320728048c0d37fa376a64f08504e7c0454b743790d5ac
1fb620b3a5fef04e16e34e800f05b3cb7cbad920b33c66d799d305ad15801224
dcb417103bd0f315ba7cd30f1eadfca56a56122caec7ce4afe96b410931f43e6
7bc7edf2f2fafaa8457fb596cbbcdedafd23544d75e739e777b73790965df6bb
584022a11fa25bc77ada9ec361c791001f8d8da848930b386f42841d9e0be7d6
93af04866fe94141664174864c6965777d7f78897a27ca858d6f79b653ca943a
23b9b4a46c15c5fa3b7445e8041852f3dc831547903250209ca738b1a17fb7c2
ae082792bb09ee973564e6e71c92f547fcbef3fd5d6c3b4f8e2172044cf2591e
496ba3f23ddaf5c1514228f1ca90b1de4392a159eaac3ecbd5fbe3fbb28f819f
bd0e1cfd8ac5fef73e78b0a784c11682ed8d3120e6293d7d87425e5cd65d91eb
e0b9c05954186f5d54bcaf95e425448540d4a0fdc6cac1a12899bda66e38ac37
3a4cfc46e94f08076d2ada85e0d51cf06695bfb54ad5f37c316c70d582839d15
94338a235c9207ba31032496ba04d39ae887a3155c15d57347307df2dfa16242
7ebbd7733c41e5d8d4071ac4bccca6f76577d8dda2ef2a6723b90414f444454a
d613473068f000318d1015b85a0f49f9191263041ae8debcc7250876ae146304
4813a5905b2003965fe10155c8daf3cdbb57017af02483a53a2d5ca11a9270f7
cda34c7ddc45a0ac67f0f3745b91686c285bc86f108c5c2deb36c1c3a0fb5a4f
0876a062221ba67194143bb2b1fc83d87b22860cf5e8cff64239b4b9dc251d11
7fb1caac122f0f3640e234a54256f2a97b44bdd0881124191c352c7e797b7dc2
SH256 hash:
2bfde305793352cc0da1adb8ed99447ad59f25f03c67d5756905cce802618749
MD5 hash:
90cebe77febe3d68f79fb7e03876149d
SHA1 hash:
a665a04102d72778358e1b045fe3dd46996d2fca
Detections:
win_agent_tesla_g2
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients
Create hunting rule
Agenttesla_type2
Create hunting rule
MALWARE_Win_AgentTeslaV2
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_EXE_Packed_GEN01
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Create hunting rule
Link:
https://www.unpac.me/results/7e62226f-2fe2-441a-aea0-1a706165a491/
Parent samples :
bbe3fb7e0f0ddf898c7f5055707dcd5847cf14801f02563f384b75ffd06ece4b
8647436d5b5e93de1fbaf9571e584ceaee4a620cd39b60472da87e694239c317
c09cba9da1f8a6c8fbda87ce1c29455118eb13876286388a7d768ba98585aa78
d9af97e029e98b7502110beee9913df5132c5e1ad620e6b8124bd395c72131d9
fcb4c6602aeea8229338eab9ed2deb97c27e07601791ef19c7e43a830079e416
053c940f835b1c6624b6b0421b680da5c984b056734db107a7d6c8dfbe1837fd
8e3db35284b6e1ea560c14a69ea4dfd6ef8e27fe9974a609116d00f2d764bfeb
c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328
793683a76efa38f5ad0608e7a7419af3802b4a7cd5d3d428f2f1a7e6f0e6ad0e
db20bf3295f1aae23ce386ffb850622a77a474a8a1ddaf240965082ee03055bf
faf287257529efa93234ce96fd47d0d43a4884deb7ec54e337bb8ba49b1d12d8
90bca1aee1c83d0c4efc1d89a1c57b991be078a6fcff421495fb9cdbed974c70
b3339675855dc36ef85d78208f43924b6eb62a978caa41971115b13a8c9cd951
03438d007dd69f9021f8c37eb21cd9f817189c99f86e94136b0f6223e07a7366
20aa510e22a6e0abf81a9cdb4491977cc7035ef0f62bf4e97e880688594707a8
ff487e2ea6195cc78c6c3f1d9d23aae0902eec37964143cf85cd425252a0072b
eec4404be651d77865707efa282ec7899a97550ad25351a70a926679f6b34bdf
430ca931fb30ead2352f1f6cc4c832d5e83d0586818e47febd3d9d2dd83950de
e0e7d67763efac156e039e3b9b8e4cf0e269109164788c4901f338f1399699ee
a2e0b264504e6338c455b6227e85273903c8f1f901809eeaaaec9e917ffb09dc
5565d238feb8a0e52f4185f696eac6e4d817d878ca99aab4ab16a341b3c828ed
7a52724e8dd312054edb1fe92f4661be8a4696efe209edfec3f43b7fb8fac3c8
97a1e4bfc76eeec8faa59bd7de85088d2e42cf9562ea66c2305d0309080712ac
68f8a928d8c7b9b1da3ed341ad581da0fadd5bdddf781e0d8831c94553d8d5b3
10eed1464345d7548cbbe6e76ece440f249d9daf5bf13f973f68136d986c7fe5
99e2fcc17330e0e1d8e31c814d659c4a00110a6da389102e22a25eedae3933b2
cb9c62c96c1409b6151ec4cdcda1b0750a13dd61352ca9ed91382a978cc8bba0
7f7219150a44e397a72f82fe9c4232887e991f0b3f0469c29d5cd2b8e3f3d0a7
1f73dccfdf8ee9cb8fb841e40c88a7b124cd28c0b06688eaf2bb81ef4f4ac0aa
c75134c43e97b75bca4ced11b721253c5774cb0a78184acdc5c55580aa07df85
ad3517d5640b93e40bc1e839f6616222801d06dd83ed5887462a71f3858f5b40
941559a78b6e1caf39212048e7f62723e5f283d1942858cc07a339d6d6b24362
59e8919a70ecf74746e7bac52469b520a8a4fa929e8fa8171e22342d8dc4e1d6
b3c12cee79f27bba7b9d58c690083d38170fac66c70ab18dd5897bf0268fc114
e9be7f50bd810d3b8a459a54c2310b567dd7065cb52803306cc5e6132eb9e12f
2b1c8e28590c81630fe3c284857734161139c1998cdd28e899cd1049bf5fff0d
20b88c89c50d71a77a0f2e1007a39cdb0b78f44c8507d3b492e8875a44861279
25cc6ca776e3d36b9aa29c331b522f23f1b309398372089d51297ff179a51bb6
853b91e9b020663d17ecc679445126b293adf51dab2791e846c31adf4fbb232a
2f7226f97fc49d8e893e80ff5e3e1127d0ae76650045dbf30c36ddd0535c0af1
8c511dab54355d76edfda60811e62b832f7593919b5c8f683b53bf6690bc808b
2ed7941c78a8b93373502b3b638392b1981785718e31bbbcca4f251d6b21f535
fb98e235d9cd58d96ab4d3389fdacfff82beda19357f313fabd95729bc984ee1
2fc60266d45774d861a84e932cb572f683a5c140406a6709adb10a08e5391b9b
2843e5be520970bc04d4c2d1d64749c730cd115037cd11b10a5c4073f001ad7a
ea245dfb5adebf5c9635d41f7e92c9194f6a20f900d9bcb14b8931501f0bd411
4da351698b0432b56b06b8bdd26fb7103b973a7c70bf666cc1a26e13fd2585bb
29d5ec780d5e5c02484ba41f291e35d29910e0ea2221c48f2ba19c9be746b8a7
602c89f6771cab55f5ec65aeaff614585d4cde2ff38f5751ca52fd062e871d19
0e52d5414536fce593aada88c26086af95af6b44d700b70315f4fdd9feb0b093
b21d51c3a5519c6e41de9ef4e4bbdb821f2d76f6cc1e2b01d0a0fae37723f25b
f687ef7cfbf2fefbfb85644f57319e28c04f9feed590a317056fef8c130c092f
d16be68a77facd56c4553aff3be893308c986f726619cd0785b5cf8cd5993f88
2c94e0937726b8c53f46350c17b50abb816f720708055e92a097c796a9970f01
265047bb3b17c31db8680e5dc97255cfc147e02f730db48a6852cf403033ea69
933e3e0bf29c5545bb4ea400f0ad62be69b957475e82a6bc8ce3c2a44622d4b0
71e061da69a80307913e97800c500938e1aa6eadde0fd25758b9b394ed1532e9
ff67a4429b3cd257a8ef58dbbc90450eda82271ef4256ba1dc5fa6eb215fedec
2f0ae3872ddb72b9c17060aa7608559a5cd92d376dfc88441ff8c54e6f1a65dc
9bb11533ca7287474f25da8cd5ad24afacc6b66175798298c6924035b9b3f92d
ee0176357d58650cedb8212e95249b9ac0e17145587e398a344c03ad95334618
4c17a091bd4bc5abea728c7245ec9c15fb98693e661bc6ec20239b91db33faa8
8024fb977a8ce280bd9bbe8984c2a1eb02a39c82222940de7b8951fc1493cd80
8b83d463c4ddfc873ac4954f326d473cd6aa3443617fdba8860680188500def6
69b4c8361199937a0cb7e28c689e3dfa2967af5dc5ed0c1fccd770273cc3c71a
0f22c8a761d26fc6db2f20b2c3070269bf8248eebc03743250da0805ee9a8511
183c72638416f3649f30da841ff7a88d29f6cf22f393db7a96407e939b9c6647
SH256 hash:
8732de15d74206538744055de4863ad333a6350538d4f6932b0dee8d116289dd
MD5 hash:
e0c030dc75bbaebc6353542235f0b4ef
SHA1 hash:
874c011747ac7dd0deebe033a67405ac352fec06
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/7e62226f-2fe2-441a-aea0-1a706165a491/
SH256 hash:
624d27a88b1c7f8d14aff615c69bfb1d763617bdb56851c28e61f2f4e02ede93
MD5 hash:
16967794563fd13bb2b4dcf2a6746e34
SHA1 hash:
06c0f5ab0e1a44caf0cf981cebf74c685adf29e5
Link:
https://www.unpac.me/results/7e62226f-2fe2-441a-aea0-1a706165a491/
SH256 hash:
c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328
MD5 hash:
7c3393719b6d048923f447fa8368fcdd
SHA1 hash:
c905d742fe3fdf245423e3fbbc1d8898c5134cee
Detections:
SUSP_OBF_NET_Eazfuscator_String_Encryption_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/7e62226f-2fe2-441a-aea0-1a706165a491/
Malware family:
AgentTesla
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/c9f0c595e62e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe c9f0c595e62ee31b17e1b62cc7be551a1cd46c3395a282fead293a5033674328

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments