MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5482f1f95375aaebcc192fa70c0027d2e6bdbf3a50efefa0a10fbb80b46e74ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5482f1f95375aaebcc192fa70c0027d2e6bdbf3a50efefa0a10fbb80b46e74ed
SHA3-384 hash: af2830a1b7434419b6bde112d2c5836225f535a38b65c12519463ef1d290592f69387578e32e1ec8c0a82fc956ca5778
SHA1 hash: e92c48cc7df61ebb3cf392e2cf11bf82b0194b96
MD5 hash: 7e94bc73fbe4ec38104639c43ad4fe61
humanhash: river-one-cup-summer
File name:Payment_receip_&_Swift_Message.bat.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:466'944 bytes
First seen:2020-04-30 07:35:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a5a2707ac96c9f900f2a28bf77396ed2 (3 x AgentTesla)
ssdeep 6144:2b58M9j6U6CVhDRU9xEudXxo+tPESjLob/izPbbWlmV5M96JOT2cLxRJIlov:CJ6qDDRaEuVx5dEj2hPhJOT2CLJI
Threatray 9'857 similar samples on MalwareBazaar
TLSH D7A41251B9E0B961C567A1BD149392902A23BD04340F0336B39727AFE4BE747149FBEB
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-6987314-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2019-06-03 13:53:56 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
31 of 31 (100.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
guloader
Create hunting rule
Similar samples:
068608c39b0bfe4a6e20490f60b23a186825d9c444e540a9803b69ae586f35c3
AgentTesla
0f88360504d8d31ba8c9313f9237e0e0e65cce7670291fd948db57a8a21eb5df
AgentTesla
284f5d7c77eab431e6dd8bdd9e508bbd1e2e3dc467b40f68b834b1a437061061
AgentTesla
34b08faba18f426d3654081913606bb6bf768badbcf85ada8284a90494a241ed
AgentTesla
45bd070ecdb312c1f7b26ffefc4c122b4f3d373b75bf7dd2628a37407b29cad6
AgentTesla
647fee1c3bc734439133bd78fe6519ad349501ac7a83e179601950f97fe96e1f
AgentTesla
bccc23b47532cc1b95e61602152160960a31ae993aa85bf4f8448d8ea41212dd
AgentTesla
e0af0be6801a112bc8cf51fc9d1bbef16a56c4d1d9d6c68f15557a21a3e54351
AgentTesla
e6ae69a007404e1d3dc15350940a8f92750c3af9e4accb76be1cae8aea98804a
AgentTesla
fffef10b9e3db99c874f8b9dd3bb8bd7adaf829b75d4e6f28ebacd5755b633d7
AgentTesla
+ 9'847 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments