MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd293557eee7037212f3082467abe3cda3f0f660fb4d3d18c2f16ba8e3e7fe60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd293557eee7037212f3082467abe3cda3f0f660fb4d3d18c2f16ba8e3e7fe60
SHA3-384 hash: 7647dbe16219ea859a9f9c02a5aa71c7871e1ff2c7dda5d6b207e379741989c6db8d76c858b83a7d381444abc632a0c9
SHA1 hash: 0edd0d89669099e8593110f4945c221fecdb856e
MD5 hash: d2152e707ccc1b861fbdf2bc405a8bb6
humanhash: solar-dakota-green-jig
File name:Invoice.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:632'320 bytes
First seen:2020-04-01 12:19:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 6144:z+u3VRJiYGsajAqfBY1mswUt+H80dfe3JJxIRyZDFVULZHZK+Yx/xoJDQnSURNnf:q6/6AkBYJG80mJJxiZHQjbomSgngI
Threatray 85 similar samples on MalwareBazaar
TLSH 0DD48D313F9DCD36C1AB8EF6E4A22114F270CD0A9D47CB46C9BD62A6C472BC47C56529
Reporter c_APT_ure
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.LuheFihaA.10672.3243.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agenttesla
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 01:08:26 UTC
File Type:
PE (.Net Exe)
Extracted files:
17
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7uutkv7o44bxeextbasgpk7dzwr7b5ta7ngt2ggc6fv2ry7h7zqa._file
Verdict:
unknown
Similar samples:
188b806e1f68912656bb5156317e03ee2927658f4879edeabb6a2bae0406f1f9
AgentTesla
227edfe5a3f405840f8be7a96d205ddbd66707829e0118f049f2917d28d2b142
AgentTesla
4b6a3f081e8c3446ceda38794bf4922dff17d04cd79759b4bd543b0c5df7a4a3
AgentTesla
51868d20e4a12a9c843de2e2265cd8fc72577d511d73a5451e8b891654e546bf
AgentTesla
551ef049bccb7a04aded3d024be74e299bbd9c39b4ede5eff98606f89b9ae44e
AgentTesla
5e815563608e4af9aaa035976f45051074f9ecd5a0414569b40efb04e0c88c2e
AgentTesla
6592c22fa9ba295820bfa259711ec8592417ba1048e3b8baea6a39cc0e95bca3
AgentTesla
7dc944bd0d2dafb252d4388f45a7d624ac5b6cf79ddfe72e3b5fb2db08ab1850
AgentTesla
b8c83fec461fa3c0dbca9cc651e6b2a6667f62330baee43c1acb0a2422be3699
AgentTesla
fb3509272ff65cf1f3521d230d912afde3af02dcf203ad045e020a4fd86ddca0
AgentTesla
+ 75 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_g2
Create hunting rule
Author:Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe fd293557eee7037212f3082467abe3cda3f0f660fb4d3d18c2f16ba8e3e7fe60

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments