MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d63ae672835f5fd689bf0a4c5bd1aaacba19379c6467fefdae6b9fc1518de9e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d63ae672835f5fd689bf0a4c5bd1aaacba19379c6467fefdae6b9fc1518de9e0
SHA1 hash: 1ad9fe5311ba73a05e6e71ab451a2174bf5740a0
MD5 hash: 847360a3f7557c292401cfe142255199
File name: SecuriteInfo.com.Trojan.Inject3.40368.17518.19914
Signature: AgentTesla
File size: 537'088 bytes
First seen: 2020-05-22 10:52:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:xxoNq57UeGxMNwsu6GxvaHe7oZ78s89+ihaC9Z7kFu3Cg+si2qz96JbImeamst9d:xxJUeCMNuV6798wC92FJrsi99o8aX7
TLSH: 08B4020222E81726D16E8FFE20D150101BF6AD3B2593F76F9ED174EA0E737508A61DA7
Reporter: @SecuriteInfoCom
Tags: AgentTesla

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 27
Origin country: US
ClamAV: SecuriteInfo.com.Trojan.Inject3.40368.17518.19914.UNOFFICIAL
VirusTotal: Virustotal results 23.94%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments