MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28612f73668350130867b21bdbf9acfc75c12106ef59f459c77f4522a513211b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	28612f73668350130867b21bdbf9acfc75c12106ef59f459c77f4522a513211b
SHA3-384 hash:	ec314693ede49d7ccc8c26185b195dd443381dd65ffdfced6de9796eec7d731344e39762869501a7dff71609c3c9f5d5
SHA1 hash:	b93bccb34d2c7f800424ed7cffaea6fb22e9097e
MD5 hash:	0cdb4724f5ac28b35ab4e1470d3781da
humanhash:	princess-purple-mexico-georgia
File name:	a6344651ef60f69bea9fa88cb18fb363.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	299'008 bytes
First seen:	2020-03-29 21:10:33 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:MO7SVc4dDJakTxHJ7ZwhYPFBenqRJg0QFKOYT6ibgoaTV:fSjdlNKhU2nqzyK7WoaTV
Threatray	10'547 similar samples on MalwareBazaar
TLSH	7D543A6D2F88B902F73D5D3289D1667052F194834D22CB0F3EC85FEC7A5A7CA294A395
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://onedrive.live.com/download?cid=7A5E689DD1DC641F&resid=7A5E689DD1DC641F%21106&authkey=ALAoak1EMTtbw6w

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-03-29 21:35:24 UTC

File Type:

PE (.Net Exe)

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=fbqs643gqnibgcdhwin5x6nm7r24ciig55m7iwohp5csfjiteenq._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

4163583794b9438194fedb4ca287e30d0c540c8c615e43613ada022534606ac9

AgentTesla

47aecc3c4471c61bf636bc9a05fda7376bd302441e7016d0aabc4487cfdbabbd

AgentTesla

7cf059a1d51541e4a746e4f8f624152801c40489e612bb46abd6a4bab26f6851

AgentTesla

8f9706ae3291a23f41bcdc0b9248389d39480087c2394cc249d45f30619441c6

AgentTesla

9dcc55371b4e6c9419e6b34fb4501400c6efb5515aef424349e7c845ddbf47df

AgentTesla

a215c693d52db997e4a64d302f976d4bccac373250c5c29650fe199d86e6db62

AgentTesla

a5141cdbe92ab9cc719bbefe36250a0bf11c401ba4720cfffed89147d41085cc

AgentTesla

bf5ea94f9caf0f0db89ebbab1b2d022be6381423eee08d35afd2e14b465ea840

AgentTesla

efad28e77822049d1d0c699c9b8531df0d053f57a332b7f7b1618e82e9f7484e

AgentTesla

+ 10'537 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

07214102dd5b2c342a4e4fdef4301ad51429f91dfa2e877ec93194f8e73d5ec7

AgentTesla

exe 28612f73668350130867b21bdbf9acfc75c12106ef59f459c77f4522a513211b

(this sample)

Dropped by

MD5 a6344651ef60f69bea9fa88cb18fb363

Dropped by

MD5 4e33d2ee3e202b3130dc153d8c1ab2e4

Dropped by

GuLoader

Dropped by

SHA256 07214102dd5b2c342a4e4fdef4301ad51429f91dfa2e877ec93194f8e73d5ec7

Dropped by

SHA256 79ba22d10d43fe6cbbba1b4458b5ed177ed8e8b085d21ed3b79ad34f77236de4

URLhaus

https://urlhaus.abuse.ch/url/331993/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample