MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c52fdf3b0e990fcb41ea7b549f42b96be5d5ad6222f47384c2d1569c9469e1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c52fdf3b0e990fcb41ea7b549f42b96be5d5ad6222f47384c2d1569c9469e1d
SHA3-384 hash: 75357edbfc09789debee7efc7e43ac246f16ec51c50979c5b34fe267c3c8b9fdddecc2f5260c5c9723211d44ac2d9024
SHA1 hash: 6abfb45d23bec9d2a061fc6c1d21e207c3bc782d
MD5 hash: 44490623c48fb7efe1115fec9d34e0a1
humanhash: lake-red-butter-bakerloo
File name:3c31379f62ef2db5c910f656aa2368a2.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:298'496 bytes
First seen:2020-03-30 00:40:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:GG0WF+qym7NgYc0HkhFPqNsYVnMV1FN61b8MoyTV:V+W5xmitnMV14oyTV
Threatray 10'475 similar samples on MalwareBazaar
TLSH 7A543AAD2B88B902F73D593289D1267026F1D5834E12C74F7EC85EED7E527C92C0A396
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://www.dieselmoreno.cl/form/xbtv2_encrypted_1B88620.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 01:35:20 UTC
File Type:
PE (.Net Exe)
AV detection:
23 of 30 (76.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=drjp345q5gipzna6u62ut5bls27f2wwweixuoocmfukwtskgtyoq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
06c4dee18a0ccec54191fb4eaf2029cdb1acbf8f80cc80a3576cde0965b6cbf6
AgentTesla
0cf4378a60635fbed046a2afa593ac87c02b814cb0f2760fcf475d2abedfb12a
AgentTesla
28612f73668350130867b21bdbf9acfc75c12106ef59f459c77f4522a513211b
AgentTesla
559319bcc870056c88c3e180aab8acf899786bc2c923ebf49e73195339c6f25d
AgentTesla
5823a8402d658c2cc74b64a81fafe9c0283d81dd4800fc0325254cce51ecf679
AgentTesla
8501b62ef01d0a8ffacb3e1c7bd13129fca8a621d00f14d81a1227cf6872c5fe
AgentTesla
bf5ea94f9caf0f0db89ebbab1b2d022be6381423eee08d35afd2e14b465ea840
AgentTesla
d6b47a7728293728613b03f3e615897081f6f2b09efafa9b798bb3b9dcd0f283
AgentTesla
de51c601d1757953b944489454503ebdb6e95d39e19e5fb13838741e46533dd6
AgentTesla
efad28e77822049d1d0c699c9b8531df0d053f57a332b7f7b1618e82e9f7484e
AgentTesla
+ 10'465 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

1235a1b2233c52011f348f1a5679fce4d3555ce48b9ca7cc98db059806f058b9

AgentTesla

Executable exe 1c52fdf3b0e990fcb41ea7b549f42b96be5d5ad6222f47384c2d1569c9469e1d

(this sample)

  
Dropped by
MD5 3c31379f62ef2db5c910f656aa2368a2
  
Dropped by
MD5 4c9341c3b5e85080b0760ecc9c05724d
  
Dropped by
GuLoader
  
Dropped by
SHA256 1235a1b2233c52011f348f1a5679fce4d3555ce48b9ca7cc98db059806f058b9
  
Dropped by
SHA256 10b9df4833a55bac025d858306d4d2d97561dcc5040ba32811913e633df6a9b4
  
URLhaus
https://urlhaus.abuse.ch/url/331962/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments