MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1233735628e647af2813825a96eda3efeed3101426058e1698aea0f55c7407e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1233735628e647af2813825a96eda3efeed3101426058e1698aea0f55c7407e5
SHA3-384 hash: e7026f102c0296128222402eda5dbfe05ed59b80f8b76dc66bb94be81912efa8e9229eff8ffdafdcb392cf376bbe3d87
SHA1 hash: 48ba2186c2c29746ff074d6df51248cbc6f505c1
MD5 hash: dd4d1e176e30047d3907a9dc9f4668dd
humanhash: carpet-steak-mango-oven
File name:297c7c876f5f9081ba8134ec940ea246.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:299'008 bytes
First seen:2020-03-30 03:40:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:JuDToX0P09Skut8Bf4z4e6iPlWg0WO0lknLGGbbGoyTV:4gX209utp6oOEoyTV
Threatray 10'433 similar samples on MalwareBazaar
TLSH AF542A7D6B88B902F73D5D3289D1666012F1D4834D12CB0F7EC41EED7E627CA2A4A396
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1IRDExLgtsuds6T5Xqm4A9fEzrgfLgj66

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 04:35:21 UTC
File Type:
PE (.Net Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cizxgvri4zd26katqjnjn3nd57xngeaueycy4fuyv2qpkxdua7sq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
09b0e2a84a8e7165c5a3b23efcd53cde0a7090e1ebe09a86cca86c33f7c39290
AgentTesla
2836e2f050c5ed948fb0652dde8eca6e867cb25aaa835d8b58738ec251dded5b
AgentTesla
3b579b5c48b467cb0e3a3b28773a63ce90b11a87f4baba15b98d0af36291a314
AgentTesla
464be33bec927be20a7a20445cf668ccb3ec05e76695ce7980b5e6841a02c0f6
AgentTesla
8f8f28f5eee0d7e5a4bf151528beb476347dd84c94ef721675237f00e391c6f5
AgentTesla
ba3bac695a448759f82d4c5180cad7d308fdb8bc12a159456b75ead72aca9424
AgentTesla
d63ec5231d1d805fcf8272f20282fa1bd9b94cc01c309a5eaaf32c1e09f9df6c
AgentTesla
df4a4e6430488397eecf551b6f8558f71d5bc65fe78d70cde3d45e38e82d82f9
AgentTesla
df981c11b8789dcff16652bae782bd8f5112ccbe7377d3f5088be62e2469b214
AgentTesla
e200737a203c4aa2f0dd82a3fc5fef097eb0e64b81b231b29b3022741ade5976
AgentTesla
+ 10'423 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

76623723c8d28a6d02a1f498f6e1b5aa73f5b181d11a5b94e5e58dd6f57c5299

AgentTesla

Executable exe 1233735628e647af2813825a96eda3efeed3101426058e1698aea0f55c7407e5

(this sample)

  
Dropped by
MD5 297c7c876f5f9081ba8134ec940ea246
  
Dropped by
MD5 96a2eff2a0601d1818fc1bc54cc8caba
  
Dropped by
GuLoader
  
Dropped by
SHA256 76623723c8d28a6d02a1f498f6e1b5aa73f5b181d11a5b94e5e58dd6f57c5299
  
Dropped by
SHA256 a2784b282468f525febde7c11beae5babd0d5b6845955e466ae86dfbb1ef2e0b
  
URLhaus
https://urlhaus.abuse.ch/url/332089/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments