MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24245c3e1af247d82a4afe11c35679ca51f6b815bfc17c4c79768ce8a2d7fef7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	24245c3e1af247d82a4afe11c35679ca51f6b815bfc17c4c79768ce8a2d7fef7
SHA3-384 hash:	d12f870e76752970c15180a8b4297bb78720a4a9aa6f06fdfd13e27e08ff251b32bfe090dcb349b715c30171adb3f0c0
SHA1 hash:	c7c1fd017f3d137cd573f3225ed881b8840bdd79
MD5 hash:	75ca16447823e3b11a2c7cce8f4922b1
humanhash:	beryllium-oven-fillet-blossom
File name:	42e026716bcf95406beca59b834a1432.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	297'472 bytes
First seen:	2020-03-26 15:37:03 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:t4L+EgXUP++oGmxTs1NT/LO5eN1ezaSVXWb:JEmU0jYYeiz
Threatray	10'417 similar samples on MalwareBazaar
TLSH	B9544BBC6F88B902F73D5D3289D15A6012F194874E12DB0F2EC55BED7F52BC9284A386
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1nxID3cbZ3N3YCfZ5Mt-WYptrBK_9HFWH

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-03-26 16:36:41 UTC

File Type:

PE (.Net Exe)

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

0f2ed94f7ce73623cc14daf630cd853c2618b09543688d15bf63e735564b1da8

AgentTesla

1c52fdf3b0e990fcb41ea7b549f42b96be5d5ad6222f47384c2d1569c9469e1d

AgentTesla

36af666d53cba0e9c1b3a2e4e6d9513581090d3fdea442cb13dab3aa2bdf6d72

AgentTesla

41bcc65124a985f6dc77f4a363a9095e952409d19136703c37c39d939cffc57e

AgentTesla

b3cd93c2e506c198cccfeffadffdb5bd47dfc640130267f310571b0018a2e01a

AgentTesla

b72906cf963bcf4115a7d436a4768e76597524faf4a12f60fa42c2d59346b7bb

AgentTesla

d6b47a7728293728613b03f3e615897081f6f2b09efafa9b798bb3b9dcd0f283

AgentTesla

e4cf16d4a0d4871fab22511f073c0cf293b9863a06d0fc733a9cb984c37c8886

AgentTesla

f9f31397ba8280e1f9b561cbead3a1d3c96eb95b42b492274b3d5804cc84d9b0

AgentTesla

+ 10'407 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

1dd138afd050e4d29b20494c3bd607685295f2cd8217c1e6ddd9b47e54961f38

AgentTesla

exe 24245c3e1af247d82a4afe11c35679ca51f6b815bfc17c4c79768ce8a2d7fef7

(this sample)

Dropped by

MD5 42e026716bcf95406beca59b834a1432

Dropped by

MD5 724056376d0b87bac9b6941625540461

Dropped by

GuLoader

Dropped by

SHA256 1dd138afd050e4d29b20494c3bd607685295f2cd8217c1e6ddd9b47e54961f38

Dropped by

SHA256 93308dc8ee7493bcf15a34667bfb4f263c0b3bd8aff2529ad6542c05b7e4443b

URLhaus

https://urlhaus.abuse.ch/url/328765/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample