MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2cf671173d9af2f550adcb58b7c8aa914164d52400363680cf476af85b9bfab2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 2cf671173d9af2f550adcb58b7c8aa914164d52400363680cf476af85b9bfab2
SHA3-384 hash: 0d091798ff2636ee0144a00d566cdc144644c8800c033dcc249015ac90a77675f736d2703bf8eb396be66a9318ee9b74
SHA1 hash: c4e9744244cf3b8e407fd40d50849d5dabbeb795
MD5 hash: 641b595a4f0d6fc67f702417eab2727b
humanhash: burger-colorado-glucose-montana
File name: 791a1240d70a20f2b1383dc1bf8d6f90.exe
Signature: AgentTesla
File size: 298'496 bytes
First seen: 2020-04-03 03:39:22 UTC
Last seen: 2020-04-03 14:11:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:Ih957wHvik5T+1UF+9hkRUsrXs/A0SJnlM3qbbHouTV:IuHGh6RouTV
TLSH: 2E54397D6B88BA02F73D1D3289D1266022F1D5834D12CB1F6EC95EED7F527C9284A386
Reporter: @abuse_ch
Tags: AgentTesla exe GuLoader
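A check a practitioner will want before touching the sample: confirm that what was downloaded is the file this entry describes. The script below is an added example, not part of MalwareBazaar or its API client. It assumes the sample was fetched as the password-protected zip MalwareBazaar serves (password `infected`) and takes the expected hash values and file size from the entry above. imphash, ssdeep and TLSH need third-party libraries (pefile, ssdeep, py-tlsh) and are left out so the script runs with the standard library only.

```python
"""Verify a downloaded MalwareBazaar sample against the hashes on its entry page.

Added example, not MalwareBazaar's own code. Assumptions: the download is the
password-protected zip MalwareBazaar serves (password "infected"), and the
values in ENTRY_HASHES / ENTRY_SIZE are those printed on the entry above.
"""
import hashlib
import io
import sys
import zipfile

# Copied from the entry page for SHA256 2cf671...9bfab2
ENTRY_HASHES = {
    "sha256": "2cf671173d9af2f550adcb58b7c8aa914164d52400363680cf476af85b9bfab2",
    "sha3_384": "0d091798ff2636ee0144a00d566cdc144644c8800c033dcc249015ac90a77675"
                "f736d2703bf8eb396be66a9318ee9b74",
    "sha1": "c4e9744244cf3b8e407fd40d50849d5dabbeb795",
    "md5": "641b595a4f0d6fc67f702417eab2727b",
}
ENTRY_SIZE = 298496  # bytes, from the "File size" row


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for a sample (imphash/ssdeep/TLSH omitted)."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict, expected_size: int = None) -> list:
    """Return the names of every field that does not match the entry; an empty list means OK.

    Only the digests present in `expected` are checked, so a caller can pass a
    subset (for example just the SHA256 copied from a report).
    """
    actual = hash_bytes(data)
    mismatches = [name for name, value in expected.items()
                  if actual.get(name, "").lower() != value.lower()]
    if expected_size is not None and len(data) != expected_size:
        mismatches.append("size")
    return mismatches


def extract_sample(zip_bytes: bytes, password: bytes = b"infected") -> bytes:
    """Pull the single sample file out of a MalwareBazaar download zip.

    MalwareBazaar zips contain exactly one file; anything else is refused so a
    tampered or unrelated archive is not silently accepted.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        if len(names) != 1:
            raise ValueError(f"expected exactly one file in archive, got {names}")
        return zf.read(names[0], pwd=password)


if __name__ == "__main__":
    # usage: python verify_sample.py <downloaded .zip from MalwareBazaar>
    with open(sys.argv[1], "rb") as fh:
        sample = extract_sample(fh.read())
    bad = verify_sample(sample, ENTRY_HASHES, ENTRY_SIZE)
    print("OK: sample matches the entry" if not bad else f"MISMATCH in: {', '.join(bad)}")
    sys.exit(1 if bad else 0)
```

Run it on the zip as downloaded, not on an unpacked copy: extracting by hand on a Windows host risks the sample being executed or quarantined before the hashes are compared.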

Payload dropped by GuLoader from the following URL:


Mail intelligence: No data
# of uploads: 2
# of downloads: 34
Origin country: FR
ClamAV: Win.Malware.AgentTesla-7426372-1
CERT.PL MWDB: Gathering data
ReversingLabs: Malicious
    Threat name: ByteCode-MSIL.Trojan.Autorun
    First seen: 2020-04-03 04:35:48 UTC
    AV detection: 30 of 47 (63.83%)
    Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 8984683ba4ce4cdabd1f2bd08a86fc4e
Dropped by: SHA256 ee6f2cfd633a728a5dbf74bc04b7c9b88adeda052041927ccf262363d3748f70


Comment posted on 2020-04-03 17:21:45 UTC

COVID-19 themed malspam distributing GuLoader->AgentTesla:

Sending IP:
From: Dr. Kim Jung <>
Subject: Latest vaccine release for Corona-virus(COVID-19)
Attachment: vaccine release for Corona-virusCOVID-19_pdf.rar (contains "vaccine release for Corona-virus(COVID-19)_pdf.exe")

GuLoader payload URL (AgentTesla):

AgentTesla SMTP exfil server: (

Comment posted on 2020-04-03 11:18:47 UTC

COVID-19 themed malspam distributing AgentTesla:

Sending IP:
From: Dr. Kim Jung <>
Subject: Latest vaccine release for Corona-virus(COVID-19) (contains "vaccine release for Corona-virus(COVID-19)_pdf.exe")

AgentTesla SMTP exfil server: (
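Both comments describe the same lure: a COVID-19 vaccine subject line with an archive attachment whose inner file is an executable named to look like a PDF (`..._pdf.exe`). The following is an added example, not code from this page or from the commenters, of a mail-gateway style heuristic that flags that pattern from attachment names alone. The extension lists and the decoy-suffix regex are choices made for this example, and the attachment names in the usage block are constructed for the demonstration, the first pair copied from the comment above.

```python
"""Flag mail attachments shaped like the GuLoader/AgentTesla lure in the comments:
an archive whose inner file is an executable with a document-like decoy suffix.

Added example, not from the page or the commenters. EXEC_EXTS, ARCHIVE_EXTS and
DECOY_RE are this example's own heuristic choices; tune them to your environment.
"""
import re

ARCHIVE_EXTS = {".rar", ".zip", ".7z", ".ace", ".iso", ".img", ".gz", ".tar", ".cab"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
             ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi", ".dll"}
# A document/image extension glued onto the stem, e.g. "report_pdf", "invoice.doc"
DECOY_RE = re.compile(r"[_\-. ]?(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)$", re.IGNORECASE)


def _split(name: str) -> tuple:
    """Return (stem, lowercase extension including the dot) for a file name."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext.lower()) if dot else (name, "")


def classify_attachment(outer_name: str, inner_names=()) -> list:
    """Return the reasons an attachment looks like an executable lure ([] if none).

    outer_name:  the attachment file name as it appears on the mail.
    inner_names: file names listed inside it, if it is an archive that was opened.
    """
    reasons = []
    stem, ext = _split(outer_name)
    if ext in EXEC_EXTS:
        reasons.append(f"direct executable attachment ({ext})")
        if DECOY_RE.search(stem):
            reasons.append("document-like decoy suffix before executable extension")
    if ext in ARCHIVE_EXTS:
        if DECOY_RE.search(stem):
            reasons.append("archive name carries a document-like decoy suffix")
        for inner in inner_names:
            istem, iext = _split(inner)
            if iext in EXEC_EXTS:
                reasons.append(f"archive contains executable: {inner}")
                if DECOY_RE.search(istem):
                    reasons.append("inner executable uses a document-like decoy suffix")
    return reasons


def scan_mail(attachments: dict) -> dict:
    """Run classify_attachment over {outer_name: [inner_names]} and keep only the hits."""
    hits = {}
    for outer, inner in attachments.items():
        reasons = classify_attachment(outer, inner)
        if reasons:
            hits[outer] = reasons
    return hits


if __name__ == "__main__":
    # Constructed attachment list; the first entry is the lure from the comment above.
    SAMPLE_ATTACHMENTS = {
        "vaccine release for Corona-virusCOVID-19_pdf.rar":
            ["vaccine release for Corona-virus(COVID-19)_pdf.exe"],
        "quarterly_report.pdf": [],
        "photos.zip": ["beach.jpg", "setup.scr"],
    }
    for name, reasons in scan_mail(SAMPLE_ATTACHMENTS).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

The name check is only a first filter: the same gateway should still detonate or at least statically inspect any archive containing an executable, because a lure named `invoice.rar` with `invoice.exe` inside trips the executable rule but not the decoy-suffix rule.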