MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c8f16f32a6bf75400d5b33e92ad9520002a2bcc1a084d14367ef80e5fb0bbb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 3c8f16f32a6bf75400d5b33e92ad9520002a2bcc1a084d14367ef80e5fb0bbb8
SHA3-384 hash: 85e7dfdb15e33c88ed4f9cb877832b0c743b922d912c62daf4f72c0822e0efcb0eb4971f78fc87441a8bc053aa9903ab
SHA1 hash: 6010e1b5799cf01f742c369c5964ec38e124a05b
MD5 hash: 769c9d50343ea78e62560c01d0746135
humanhash: purple-spring-massachusetts-gee
File name: bda298b68385f9ea5bce255c3e13f35b.exe
Signature: AgentTesla
File size: 112'128 bytes
First seen: 2020-04-01 04:10:06 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 1536:1gjvw/Wuw8mz2wuhS+4GZ2fClCSg5+POXJPMqtpjpiOMUE:1gjvcG8mz2wuQ+4G8fClgMYdMqtLGUE
Threatray: 99 similar samples on MalwareBazaar
TLSH: 0CB3C54D33989120E6EE87B085F343248279E497996BCE0F09D618FB5B2F741894EED7
Reporter: abuse_ch
Tags: AgentTesla exe GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
http://epgators.com/jk/KELLY%20GIRLS_encrypted_BD3D89F.bin

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps the samples may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_Envrial_Jan18_1
Author: Florian Roth
Description: Detects Encrial credential stealer malware
Reference: https://twitter.com/malwrhunterteam/status/953313514629853184

Rule name: win_404keylogger_g0
Author: Slavo Greminger, SWITCH-CERT, Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>

File information


The table below shows additional information about this malware sample such as delivery method and external references.

AgentTesla

Executable exe 3c8f16f32a6bf75400d5b33e92ad9520002a2bcc1a084d14367ef80e5fb0bbb8 (this sample)

Dropped by: MD5 7f54d0d5c45f3605a0d87236aefc920a
Dropped by: GuLoader
Dropped by: SHA256 9573e2f66b3411d050b0bb7648034a78e7b236e56dd3eb5d44e2bd06faaf2390

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings (ID - Title - Severity)
CHECK_AUTHENTICODE - Missing Authenticode - high
CHECK_DLL_CHARACTERISTICS - Missing dll Security Characteristics (HIGH_ENTROPY_VA) - high

Comments