MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd512bcb35f6f9b41f33ec961e46e3b80a774d8038a03abb1b693064a84f8f1a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 2 File information 1 Yara 3 Comments

SHA256 hash: fd512bcb35f6f9b41f33ec961e46e3b80a774d8038a03abb1b693064a84f8f1a
SHA3-384 hash: 67e767e4ad4c4e07a455d4979de6d832d94fe86ca3001cf0bb5731bc146cf1bb1efb1589b0a82557e892ca774f221277
SHA1 hash: 4ee5f574ed4c49a269d257e353baf736e50210d2
MD5 hash: aa250511bf99e715a6b37fc643f355d8
humanhash: seven-golf-oven-glucose
File name:aa250511bf99e715a6b37fc643f355d8.exe
Download: download sample
Signature AgentTesla
File size:512'000 bytes
First seen:2020-06-30 13:35:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 12288:g1cWFUkk+EJqyQtmoq2NDTpnuYXOGOYO:S50Foq29Tp0GO
TLSH ECB4F12126EC0FA6D1FD4FFE64BC31100B787A252567E38C9E95B0DD1C62BD0856A39B
Reporter @abuse_ch
Tags:AgentTesla exe


Twitter
@abuse_ch
AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence


Mail intelligence
Trap location Impact
Global Low
# of uploads 1
# of downloads 33
Origin country US US
CAPE Sandbox Detection:n/a
Link: https://www.capesandbox.com/analysis/17234/
ClamAV No detection
CERT.PL MWDB Detection:agenttesla
Link: https://mwdb.cert.pl/sample/fd512bcb35f6f9b41f33ec961e46e3b80a774d8038a03abb1b693064a84f8f1a/
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kxyflrm
First seen:2020-06-30 13:37:03 UTC
AV detection:12 of 31 (38.71%)
Threat level:   2/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   7/10
Malware Family:n/a
Link: https://tria.ge/reports/200630-86qtcwhn1s/
Tags:spyware
VirusTotal:Virustotal results 12.50%

Yara Signatures


Rule name:Agenttesla_type2
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar
Rule name:win_agent_tesla_w1
Author:govcert_ch
Description:Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments