MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 10cb43e944707741d8bc5ab4e7d7f6b05a1781c75549b27627cf0a46fae7d9ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
AgentTesla
Vendor detections: 4
| SHA256 hash: | 10cb43e944707741d8bc5ab4e7d7f6b05a1781c75549b27627cf0a46fae7d9ab |
|---|---|
| SHA3-384 hash: | f3b94d2dfac38d103edc7ce956783efd4cac7eb444c131771e2f68d0708ed3badb475e22f9513e320150d8027a8b3bad |
| SHA1 hash: | 4c29149bbda48bc23d72918d6c75bc2d259bbf93 |
| MD5 hash: | c61fe57cb43b2e5107401ec18301ab12 |
| humanhash: | kitten-yankee-stairway-snake |
| File name: | Hủy thanh toán séc do tăng trong Covid-19.exe |
| Download: | download sample |
| Signature | AgentTesla |
| File size: | 759'808 bytes |
| First seen: | 2020-04-14 10:02:54 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 9e8b0f560a6750e7570151d97e24bc93 (3 x AgentTesla, 3 x Loki) |
| ssdeep | 12288:0bHlQH4OkL1boH2bZSzssoY+sk5QMSJ7++3j3xRJ1dQoXYD+:W/doHbsm+v5gJ7+KPbID+ |
| Threatray | 11'680 similar samples on MalwareBazaar |
| TLSH | BDF4C023F6A05433D1631E7E8C1B57B89827BE413A285946EBF91F4CAF39781342B197 |
| Reporter |  abuse_ch |
| Tags: | AgentTesla COVID-19 exe geo VNM |
abuse_ch
COVID-19 themed malspam distributing AgentTesla, hitting Vietnam:HELO: linux947.grserver.gr
Sending IP: 178.63.13.15
From: Vietcombank <antonioramoss1997@gmail.com>
Subject: Hủy thanh toán séc do tăng tronag Covid-19
Attachment: Hủy thanh toán séc do tăng trong Covid-19.rar (contains "Hủy thanh toán séc do tăng trong Covid-19.exe")
Intelligence
File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Status:
Malicious
First seen:
2020-04-14 02:53:21 UTC
File Type:
PE (Exe)
Extracted files:
62
AV detection:
25 of 45 (55.56%)
Threat level:
5/5
Detection(s):
Malicious file
Verdict:
malicious
Label(s):
agenttesla
hawkeyekeylogger
Similar samples:
+ 11'670 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |
Reviews
| ID | Capabilities | Evidence |
|---|---|---|
| WIN32_PROCESS_API | Can Create Process and Threads | kernel32.dll::CloseHandle kernel32.dll::CreateThread |
| WIN_BASE_API | Uses Win Base API | kernel32.dll::LoadLibraryExA kernel32.dll::LoadLibraryA kernel32.dll::GetSystemInfo kernel32.dll::GetStartupInfoA kernel32.dll::GetDiskFreeSpaceA kernel32.dll::GetCommandLineA |
| WIN_BASE_IO_API | Can Create Files | kernel32.dll::CreateFileA kernel32.dll::FindFirstFileA version.dll::GetFileVersionInfoSizeA version.dll::GetFileVersionInfoA |
| WIN_REG_API | Can Manipulate Windows Registry | advapi32.dll::RegOpenKeyExA advapi32.dll::RegQueryValueExA |
| WIN_USER_API | Performs GUI Actions | user32.dll::ActivateKeyboardLayout user32.dll::CreateMenu user32.dll::FindWindowA user32.dll::PeekMessageA user32.dll::CreateWindowExA |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.