MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea3ab2906a0fbe3de7ec765a762d6537bdc51234d7be3391348cf45534e4fbe8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ea3ab2906a0fbe3de7ec765a762d6537bdc51234d7be3391348cf45534e4fbe8
SHA1 hash: dd04b519f886eaa4ff6ca92eaa4befb49752d0cf
MD5 hash: 3a56afd5aa1b2221af4062d77d227865
File name: 3a56afd5aa1b2221af4062d77d227865.exe
Signature: AgentTesla
File size: 589'312 bytes
First seen: 2020-05-22 13:41:53 UTC
Last seen: 2020-05-22 15:01:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:gsGewQebH1Xg5sZAgXJYEnmTpTdzCqoJLD424FeR1NR14vlfq:BGTQCBgEnmkmVdzCqoJa
TLSH: 6DC48CAC725075DFC81BC876C9A41C64AA207DBB970BE203905335ADAA2DAD7DF141F3
Reporter: @abuse_ch
Tags: AgentTesla exe


Twitter (@abuse_ch):
AgentTesla SMTP exfil server:
mail.panaeshacapital.com:587

Intelligence


Mail intelligence: No data
# of uploads: 2
# of downloads: 25
Origin country: US
ClamAV: SecuriteInfo.com.Trojan.GenericKD.43187385.12558.12291.UNOFFICIAL
VirusTotal: 40.00%
ReversingLabs: No data

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.
