MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 398326880d507f3c7731113a7c2630e01df8a3013422346c12e55d5ab76efd19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 398326880d507f3c7731113a7c2630e01df8a3013422346c12e55d5ab76efd19
SHA3-384 hash: f67f39eb81109288cd493ce88451c4d89d9c2a27f77969700a102e1d6f602e9c6b08e1e60240070ba6e430481c76beef
SHA1 hash: 090e7ec176ae4332665bb35b6c52af3a18f1fa43
MD5 hash: b72502adc492cd694cd064d56a93fed5
humanhash: artist-uniform-arkansas-sodium
File name:doQsVLzQv.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:798'208 bytes
First seen:2020-03-23 16:17:08 UTC
Last seen:2020-03-23 16:17:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'669 x AgentTesla, 19'482 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:brGF/nCL0bI7vhw0VROLN8JLERmZIYXEKPIU1hoeYCCn2+mU6Hb9pbnimsnYHMe:dLvVcxULMmH0qZY3iUU9Vimt
Threatray 5 similar samples on MalwareBazaar
TLSH F5056AC0EE67EA19C16816F0C94DD108C3A4EF496741EE406E86F3DA657270DCDE8AF6
Reporter HerbieZimmerman
Tags:Agent Telsa AgentTesla RAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 19:50:14 UTC
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hgbsncankb7ty5zrce5hyjrq4ao7riybgqrdi3as4vovvn3o7umq._file
Verdict:
unknown
Similar samples:
66008cc8d1ea9c2a02674d800e113f485112789a865ca4f02e1af066d0cc2f9e
AgentTesla
aa530c5bf4006eb53797d6617fce896f3ac536f35c596afcee611f9b8649f4a9
AgentTesla
b50536b4f6f667c4f20a7b4cf9f5c2050392ef1eb2d3fa0607c16d96f4e5f221
AgentTesla
cea60f7a30f3b97b616185c051f4e73ed69e05984af710db7844de905848a250
AgentTesla
cf0be11542467a92e1bb6cdbad2c7b78cb7b19ea5ba34dd2a665484cce5037b9
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 398326880d507f3c7731113a7c2630e01df8a3013422346c12e55d5ab76efd19

(this sample)

anyrun
any.run
https://app.any.run/tasks/dd1cf69a-09a0-4664-a7a2-752fe5449c43
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments