MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0874efe680cfb9ab53997e6f4b5e1159d1d4d51f485a6845fc90cd03d10ca29f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0874efe680cfb9ab53997e6f4b5e1159d1d4d51f485a6845fc90cd03d10ca29f
SHA3-384 hash: 3d54329dd58ebeb9d41a613471ec40aeba15e1dd704dfb577c7bc02cd4c09ef14f2d6f5d4ef6525088f7a8009ffad361
SHA1 hash: e4a9c20fc566cef07e7d2e1e4541778d2520491f
MD5 hash: 9bfb1859d367f9e7388e5800cfd954e1
humanhash: cola-massachusetts-virginia-fanta
File name:SecuriteInfo.com.MSIL.GenKryptik.EJNW.11766
Download: download sample
Signature AgentTesla
Create hunting rule
File size:524'288 bytes
First seen:2020-04-30 16:05:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:fm4/BPTKh5ZvHxrCHJ4iZAVr0IRD55VyVPg8HQNW:ecBPmhvvlCuiKNH5VyJrHQNW
Threatray 182 similar samples on MalwareBazaar
TLSH 7FB49B3D6EFC523BE2A6C2B1CFD6C4A3F020D2227165A97164C3535A4257E8BB48723D
Reporter SecuriteInfoCom
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EJNW.11766.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 17:00:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
25 of 30 (83.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bb2o7zuaz642wu4zpzxuwxqrlhi5jvi7jbngqrp4sdgqhuimukpq._file
Verdict:
malicious
Similar samples:
000512435d0d55901f55882d7be3c3d27e675e73d944fb8e09d3b73e0abccbc3
AgentTesla
18ee411e31ac1f4e3bcd2d811b147853bf2977645c631809acc75b7639e7292c
AgentTesla
4a8a8d8faabf6613961d6317ab29f33a81a47fbce80e288970fe96e1f67246a6
AgentTesla
52f1036c20ed23f457be56d231119ad5471564e4095ffd0cc9d614fa89ef9356
AgentTesla
6963991b3f7b0d0870130058d1494481d64003e95bbb5fabfb024de68582c02e
AgentTesla
6afb227c640c59b8f64fc5a16adf0a25e946cf47198992bc44044976a8c3bcf3
AgentTesla
98629c6d70b7985e3671dc4a824e2f4662dbcd85a787f5d0d546688922f41ffd
AgentTesla
bf54056eda237aa8972826e73687985609e3713c461c40c3c47ca231d7266783
AgentTesla
ca49aa362621679944ff2bb5c323dbb64ef5f0364dff1be6168c0657962296ec
AgentTesla
d74a4cdc37bedadf721932a6118039ab332781ccbb8f00d9c763da4602ef6fda
AgentTesla
+ 172 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments