MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a8a8d8faabf6613961d6317ab29f33a81a47fbce80e288970fe96e1f67246a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	4a8a8d8faabf6613961d6317ab29f33a81a47fbce80e288970fe96e1f67246a6
SHA3-384 hash:	ca9d66d0dd70c65bac0e895960fe3d23fd1a127178fc4f0fed96654dc940eb3d343c9ccb7bca8fdebe51243c9c028fd0
SHA1 hash:	a4a989172d4ff7c4477c89463af1577700ffb487
MD5 hash:	4036615d9d39a5e3bf3b9e9d63286086
humanhash:	ohio-purple-october-nitrogen
File name:	SWIFT0816PDF.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	524'288 bytes
First seen:	2020-04-30 11:56:00 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:x7tUZ+GvNPzXZDjUPAazUhzViEZf88cWDbSFcLm4eN1:1axvRFvyUTC8cW/SFp4eN
Threatray	217 similar samples on MalwareBazaar
TLSH	12B4AC3A29BD1136D228D0FD8FF5D836F440D2A770B278395A93964583A2F5229D72FC
Reporter	abuse_ch
Tags:	AgentTesla exe geo GRC

abuse_ch

Malspam distributing AgentTesla:

HELO: plesk124.red166.trevenque.es
Sending IP: 217.18.166.124
From: MITRENTSI.M@nbg.gr
Subject: Ειδοποίηση πληρωμής
Attachment: SWIFT0816PDF.iso (contains "SWIFT0816PDF.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Genkryptik

Status:

Malicious

First seen:

2020-04-30 08:12:00 UTC

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=jkfi3d5kx5tbhfq5mml2wkpthka2i7545ahcrclq72lod5tsi2ta._file

Verdict:

malicious

AgentTesla

0874efe680cfb9ab53997e6f4b5e1159d1d4d51f485a6845fc90cd03d10ca29f

AgentTesla

18ee411e31ac1f4e3bcd2d811b147853bf2977645c631809acc75b7639e7292c

AgentTesla

6963991b3f7b0d0870130058d1494481d64003e95bbb5fabfb024de68582c02e

AgentTesla

6afb227c640c59b8f64fc5a16adf0a25e946cf47198992bc44044976a8c3bcf3

AgentTesla

82df2d9ba67f275874caca138baea0b54e90ffd727d561072243a9d9026569ae

AgentTesla

98629c6d70b7985e3671dc4a824e2f4662dbcd85a787f5d0d546688922f41ffd

AgentTesla

bf54056eda237aa8972826e73687985609e3713c461c40c3c47ca231d7266783

AgentTesla

ca49aa362621679944ff2bb5c323dbb64ef5f0364dff1be6168c0657962296ec

AgentTesla

d74a4cdc37bedadf721932a6118039ab332781ccbb8f00d9c763da4602ef6fda

AgentTesla

+ 207 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso a8a81cd5f13933620eb71512fe74d6463dc556d74b4b68810b77617a2c8d1cf7

AgentTesla

exe 4a8a8d8faabf6613961d6317ab29f33a81a47fbce80e288970fe96e1f67246a6

(this sample)

Dropped by

MD5 6f1725ac7868fdca24cac4b4105ce744

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 a8a81cd5f13933620eb71512fe74d6463dc556d74b4b68810b77617a2c8d1cf7

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample