MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2efca8ecf1e864e10c22469f0e1d06cdc17a8c4b5aa4afe0975525230171042. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2efca8ecf1e864e10c22469f0e1d06cdc17a8c4b5aa4afe0975525230171042
SHA3-384 hash: 85df561c809a51f21dfec737fbbf9f8095b1a9741824b4f3dd6092a67121ed2c6a7050310c6729e3c31f0c66fb4daf43
SHA1 hash: 93ce5b77da316e1c9afbffd9bc1da5897fbada69
MD5 hash: a70f700b73b9643d14f1119627bc2682
humanhash: hydrogen-delta-aspen-arkansas
File name:a70f700b73b9643d14f1119627bc2682.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:104'256 bytes
First seen:2021-07-15 09:48:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:E+DxikcgjE3/tt4clbsPg4uMwMs4ucLk5UrVVIZW0qpiCw1J238VLHx6aNlsEqFe:EYcgq5Syg01CALrNls9X2Hd4+yBCz
TLSH T180A3A53123FD9B19E136BB3D4BA5A900ABF9F151D311DE097D85028F8466E84CE62D33
Reporter abuse_ch
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
149
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a70f700b73b9643d14f1119627bc2682.exe
Verdict:
No threats detected
Analysis date:
2021-07-15 09:53:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6e6432c7-2ee2-4ecb-8d1f-b5638396bf41

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171946/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.924-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/856ffb61-1b69-4547-94e9-2c4c23877858
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
21 / 100
Link:
https://www.joesandbox.com/analysis/816806
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d2efca8ecf1e864e10c22469f0e1d06cdc17a8c4b5aa4afe0975525230171042/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-15 09:49:07 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2lx4vdwpd2de4egceru7byoqntobpkgewwvev7qjovjfemaxcbba._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210715-vm543aj5cn/
Unpacked files
SH256 hash:
d2efca8ecf1e864e10c22469f0e1d06cdc17a8c4b5aa4afe0975525230171042
MD5 hash:
a70f700b73b9643d14f1119627bc2682
SHA1 hash:
93ce5b77da316e1c9afbffd9bc1da5897fbada69
Link:
https://www.unpac.me/results/21b1a28d-21e6-42c5-9472-319b48489a4a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/d2efca8ecf1e864e10c22469f0e1d06cdc17a8c4b5aa4afe0975525230171042

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe d2efca8ecf1e864e10c22469f0e1d06cdc17a8c4b5aa4afe0975525230171042

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1430278/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/171946/

Comments