MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3819948505ca931701228dae2e36089ebf01f7afcabe446f71568785063b96b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3819948505ca931701228dae2e36089ebf01f7afcabe446f71568785063b96b0
SHA3-384 hash: 9c446739e5f44065187d7292eef8778320783892213c23cf2d791a00d54d959a3804178039ce5b860cc8fe28513aa5ad
SHA1 hash: 6c777c0821ecdcb7df4aa5326afd3d3d848fe5f0
MD5 hash: 3fe9e6e14a0529bfd0e5382483e3ca6c
humanhash: lithium-missouri-river-emma
File name:mbdpmGYOGf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:413'696 bytes
First seen:2020-04-07 21:04:15 UTC
Last seen:2020-04-07 21:42:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:JYQDek9RkKSRLcwXtfJ1DCxwAeEa7qbmQ0sonUG0D3Z7jYnAz/DTp/TOXkDfJ/ki:Eikxaw9f3mwwmDo3WA7R7Lsqi2B
Threatray 10'609 similar samples on MalwareBazaar
TLSH C89412223687874ED53E0FF9A03605000B72E5661A03F39A4DC578FD197BFA06957EAB
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
AgentTeslaV2
Create hunting rule
Link:
https://www.capesandbox.com/analysis/672/
Detection(s):
SecuriteInfo.com.generic.ml.18718.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-07 21:03:58 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
01eec39e40e27c4927218db094d7a9fcec18ce67d11948f356f95ee328644669
AgentTesla
1b300274b3a285359d3c2c50d221aca75f28e1e972626fbef59454b3fba7f0fa
AgentTesla
27939b70928b285655c863fa26efded96bface9db46f35ba39d2a1295424c07b
AgentTesla
4c7aa908b8b0f65ba2fa635d033211e4a7664a8f3fa2fb297424c8a21e4783f5
AgentTesla
80423c1bdd4ce9dcc01e1896a8e6dcb7016934500e2615b9dc5e6ea15473b41b
AgentTesla
8363b6e684e48f174269683ade14e1d6134ee159e25e99ac98169539dce448fa
AgentTesla
843edc7bc28351c5404d3e03b1a989a26b07b0644874a063952460a6f7ae6a42
AgentTesla
9926f8cdeb4894246b7db658d899feccfebcd4dce0cf55616712813cee8575b3
AgentTesla
ab77485a73cc82871080e0d5781e1e1794e9deb312c4791f66685a2a08765b7f
AgentTesla
d2e881a33cbe4ea3c3965f46a709f54bd407cd5e248822a0af2cd189b6383d04
AgentTesla
+ 10'599 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/672/
Cape
Cape
https://www.capesandbox.com/analysis/671/
Cape
Cape
https://www.capesandbox.com/analysis/669/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments