MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e75ce515d5af587aacf37ada6fb0108096cf10f50d2c8a45ef788af1bbae9533. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e75ce515d5af587aacf37ada6fb0108096cf10f50d2c8a45ef788af1bbae9533
SHA1 hash: e7c5b2bd47594e8f280a5d52376b6411b20e70e4
MD5 hash: 2768319ce250022ca53507d643e5877d
File name: MV IVY OCEAN.exe
Signature: AgentTesla
File size: 382'464 bytes
First seen: 2020-05-23 07:31:23 UTC
Last seen: 2020-05-23 08:36:26 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:k2GhNuhi6wFzdY/iNca1VUg+sf0LE+gM8g3tdcLmXYYZT7Flz+csvFb:k2iNUxUzS6NcngsLVgMNdd6+JrScsv
TLSH: 63840249E72CA32ADCE84EF9EA6527E0432042955052D3AF6C9524CB0C277D737E76CE
Reporter: @jarumlus
Tags: AgentTesla

Intelligence


Mail intelligence, impact by trap location:
Italy (IT): Low
Global: Low
# of uploads: 2
# of downloads: 27
Origin country: FR
ClamAV: SecuriteInfo.com.Trojan.PWS.Siggen2.49255.24603.17631.UNOFFICIAL
VirusTotal: VirusTotal results 37.50%

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
Executable exe e75ce515d5af587aacf37ada6fb0108096cf10f50d2c8a45ef788af1bbae9533 (this sample)

Delivery method: Distributed via e-mail attachment

Comments