MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c0a7dc21889d132d53b40eb0cbc6e8f4548b408785d9df71eab8e7f4caea9fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	1c0a7dc21889d132d53b40eb0cbc6e8f4548b408785d9df71eab8e7f4caea9fe
SHA3-384 hash:	6e177fe9625c438b153949e86c339a06295b78ef44af73475c1eb44be88c1787a724ba897c3816d5f338214c96d767dc
SHA1 hash:	9dee4728f9587520d8232e0bcb3a8de796ac74e5
MD5 hash:	9e395bddeef87671d765c2e7dabed3e2
humanhash:	tennessee-berlin-zebra-washington
File name:	04370558f43d5fed3978ca881f5e2be6.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	288'256 bytes
First seen:	2020-03-26 15:20:27 UTC
Last seen:	2020-03-26 15:37:59 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:lJgyUKKSnYGUHBwwMH7f0GvUZPjhEsQ1cb7:IyUAsXaM/ZLhE/
Threatray	10'494 similar samples on MalwareBazaar
TLSH	9754085DAB88A916F33D1D36C1D9826013B2D5834512D34F6EC44FFA7F5A3CA384E29A
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1Zv9mz4DNn5H4zs1PZPRjsW5OLOoscic9

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Agensla

Status:

Malicious

First seen:

2020-01-29 19:12:00 UTC

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=dqfh3qqyrhitfvj3idvqzpdor5curnaipboz35y6vohh6tfovh7a._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

1c52fdf3b0e990fcb41ea7b549f42b96be5d5ad6222f47384c2d1569c9469e1d

AgentTesla

2db768c4da193c9ea8a2cb92da2999f76414b625eed8a6f8088992ac37b4f9ce

AgentTesla

4670fe6f5313f9539870f640a3b232352201fea158b0ff267702b8e28a8ff0e0

AgentTesla

71ee7d4652f73c8af684b98b8ad66b97b363c71d45e430cf284ebba591f45acf

AgentTesla

83e661009dfa3a8c57b2517ff461dc6ab437d6632b1050466ff5d4fbaae7b69f

AgentTesla

89655a7540a81b20daf6c94956e3b2617da461256423aac47b105266704302e4

AgentTesla

8bd06e8a541a1498bc8a2d44d2212d369214a9cd29bbdb7b802d01e4c1c3fc1f

AgentTesla

a21a7f19bc3685a75822db92833fd2ace494aed32f228b8f039ba1581ae198a6

AgentTesla

cf7fa6c522942e6b4c87248e59e239bb3e265cf9f138c9821e538f3e182f5fa3

AgentTesla

+ 10'484 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

33f901b8574d47556027e61199a451ac6789e48c1183d750fcce99e222e82c31

AgentTesla

exe 1c0a7dc21889d132d53b40eb0cbc6e8f4548b408785d9df71eab8e7f4caea9fe

(this sample)

Dropped by

MD5 04370558f43d5fed3978ca881f5e2be6

Dropped by

MD5 723c56f22df24d6770c37803c0f7cdb2

Dropped by

GuLoader

Dropped by

SHA256 33f901b8574d47556027e61199a451ac6789e48c1183d750fcce99e222e82c31

Dropped by

SHA256 ae1e841b5b1a253340cec96bc32c566dc7b9a5e9f4e8e8c871b72316333463e1

URLhaus

https://urlhaus.abuse.ch/url/328596/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample