MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 440772fb86f2519451345ac945704a6e135868b504f2cdac881f17f9d4bb8602. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 440772fb86f2519451345ac945704a6e135868b504f2cdac881f17f9d4bb8602
SHA3-384 hash: 6c13d593bde1784ddc98cc930f27900ee03f313a8b8955b07de8c7a841fe2e37619bde12dda8c27ed6f23a3c64b37929
SHA1 hash: 81c95fdab63a5beaa51f9b60f64d9eed745978c5
MD5 hash: ca27e4402389d86afbb02bcbe51aafac
humanhash: lithium-uniform-alabama-montana
File name:Vw2ekrCTsTs3N8r.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:435'200 bytes
First seen:2020-04-29 17:13:28 UTC
Last seen:2020-04-29 18:12:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:zNnJk+GUlFRigGu76Wn8fqiOyewzeBN2u83B+:HHG+FUm76q8egU
Threatray 630 similar samples on MalwareBazaar
TLSH C794127A1B1C637FC5BB45749483DF0971A8806A9693E3D42F8A9AEE43D7BC01584BC3
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.safemail.it
Sending IP: 147.123.1.124
From: project manager <kong.ng@hempel-metals.com>
Reply-To: princepepsa241@gmail.com
Subject: Statement of Account/Ledger
Attachment: Statement of Account.rar (contains "Vw2ekrCTsTs3N8r.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587 (85.187.154.178)

AgentTesla SMTP exfil email address:
From: saco@flood-protection.org
To: saco@flood-protection.org

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43062927.11174.19421.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 02:09:07 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iqdxf64g6jiziujulleuk4cknyjvq2fvatzm3leid4l7tvf3qyba._file
Verdict:
unknown
Similar samples:
06e83a73a0d058de1811b6ee93f063b97fe79fbab77e2acf0a859cceff815c86
AgentTesla
1122de58d83267cd6edf34690c8d8ac376e337e28fddce0c0609554a2c0396db
AgentTesla
47e1f71185f193d015191dec0fd981e6591780a336115fe14638b74031531ac8
AgentTesla
ab63d78243683e8f00bd7a00b3e0ba6867a86bec1abb6b67b24ae3ff9cb65ac9
AgentTesla
d1a314902f558ae79e891b785eec7e87002ed607411e8dfc85b5fbb2f9ef9dc0
AgentTesla
d83d25cdeec57d8bdb0ae70c21d60f32645a2fa21f3f7792774b5ad3bffce9b5
AgentTesla
d9568ff73274781296415519aa548621099b45cc19d68c2d9ce59ce9bee384a7
AgentTesla
d9f827863726fb21fd036363b2090e4454776b3ee1a4665d004da0eaa05126e4
AgentTesla
f17b34a25b38f624ce1dc8c5f36cefbf3a989b77714f4c566c085c56f03c8fbb
AgentTesla
fcc68c78e81eab01751ffe299b6213e6dbe994a6d197367000371e82a4ac0a41
AgentTesla
+ 620 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b84f59c36a4d2f53d3398a974e6eb3bb266b606e8705386fc729cf9c6b18a2a9

AgentTesla

Executable exe 440772fb86f2519451345ac945704a6e135868b504f2cdac881f17f9d4bb8602

(this sample)

  
Dropped by
MD5 3fa921462b172fe74117fe829a7a1429
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 b84f59c36a4d2f53d3398a974e6eb3bb266b606e8705386fc729cf9c6b18a2a9

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments