MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccd2ac5dd1eb20c1e42569f55fe7ee5c428a2afbfcb909205e7ecd3077b5c677. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: ccd2ac5dd1eb20c1e42569f55fe7ee5c428a2afbfcb909205e7ecd3077b5c677
SHA1 hash: 33e21320ba3ad9c5db637a304aae5f1e81a0c90a
MD5 hash: 4d0db60f2f037729a781ae2bc43c2e06
File name: 4d0db60f2f037729a781ae2bc43c2e06.exe
Signature: AgentTesla
File size: 308'736 bytes
First seen: 2020-05-23 07:24:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:W2+dydDXpeBHx3x0S2re2u5WCUMrWBob:WddylKKk5OM
TLSH: 946419BEAB48B902F13D1D7351D1622092F1D0834E12D34F6EC46AFDBE517C96A4A3B6
Reporter: @abuse_ch
Tags: AgentTesla exe

AgentTesla SMTP exfil server:


Mail intelligence: No data
# of uploads: 1
# of downloads: 25
Origin country: US
ClamAV: Win.Malware.AgentTesla-7660762-0
VirusTotal results: 62.50%

Yara Signatures

Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy

Rule name: win_agent_tesla_w1
Description: Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.