MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e75ce515d5af587aacf37ada6fb0108096cf10f50d2c8a45ef788af1bbae9533. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: e75ce515d5af587aacf37ada6fb0108096cf10f50d2c8a45ef788af1bbae9533
SHA1 hash: e7c5b2bd47594e8f280a5d52376b6411b20e70e4
MD5 hash: 2768319ce250022ca53507d643e5877d
File name: MV IVY OCEAN.exe
Signature: AgentTesla
File size: 382'464 bytes
First seen: 2020-05-23 07:31:23 UTC
Last seen: 2020-05-23 08:36:26 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:k2GhNuhi6wFzdY/iNca1VUg+sf0LE+gM8g3tdcLmXYYZT7Flz+csvFb:k2iNUxUzS6NcngsLVgMNdd6+JrScsv
TLSH: 63840249E72CA32ADCE84EF9EA6527E0432042955052D3AF6C9524CB0C277D737E76CE
Reporter: @jarumlus


Mail intelligence
Trap location    Impact
IT Italy         Low
Global           Low

# of uploads: 2
# of downloads: 27
Origin country: FR
VirusTotal: Virustotal results 37.50%

Yara Signatures

Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy

Rule name: win_agent_tesla_w1
Description: Detect Agent Tesla based on common .NET code sequences

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe e75ce515d5af587aacf37ada6fb0108096cf10f50d2c8a45ef788af1bbae9533 (this sample)

Delivery method: Distributed via e-mail attachment