MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 578bd233845bd17bde7fa8afe42885144b59351afc61ac21d73f8495989727f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 578bd233845bd17bde7fa8afe42885144b59351afc61ac21d73f8495989727f5
SHA3-384 hash: 7ebcb6e046d7ea2f0b943fb19c8d5a4500921ac54fd6f97f91e7a2ffebc26c1632cb7a7740f88f1d784134a85e79d6e9
SHA1 hash: 772e171a7dc7892f7e37d2237a18bac8a3eb1098
MD5 hash: ced013ef69a750447ffc40a755aefeb9
humanhash: fix-xray-crazy-ceiling
File name:a85073ac96f325f87cecbd4a95cb8a88.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:295'424 bytes
First seen:2020-04-06 10:10:41 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:lupi/RQLfUUGwsYwFJFAvtAcaK4ToDgAa1/7DF1Nvic0bmZOO:gpORcuZItHyofa1/3F1rOO
Threatray 10'628 similar samples on MalwareBazaar
TLSH 4D543ABD6B88BA02F23D0D3646D5122452F1D1838E22C35F7EC40FE97F657DA2A4A395
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
http://www.theelectronics4u.com/co/covid_encrypted_F3CB6BF.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 10:36:27 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=k6f5em4elpixxxt7vcx6ikefcrfvsni27rq2yioxh6cjlgexe72q._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1933047daa20bb10d832d589f39d4c0ae7035691041af24d218dca5ac83c5f92
AgentTesla
233d048b25dd9be7683b3c2cf2d7ebe79b92676d4d787c5cd2f59bd8eab1faf2
AgentTesla
46075243ad8ff07178b1f3e467ac675a2380f05c742786b93a67f5728c80d14d
AgentTesla
460fa5b8dd75116e68328d16996e31acbdb17183d127bc535a86df01889bd08f
AgentTesla
506fd293063c74af7a3a513778629c01117ae57bea33b1bfff199999a690536b
AgentTesla
98bcac74e8201256485d3fee8e636213cda012f99623424281f700aa5af34624
AgentTesla
a298c08fb2a91450f6b1e2af86fbc8ece3c290e1812c4a4ee77ce273b595c2b2
AgentTesla
ac943c916f546d6a3194154ecb4923c9afbd1a513b7d3af5beba85e8d7047af8
AgentTesla
b547891a3f74093e840f47cecafb75940494dd48f449c7c1bbf229ecb38d85c5
AgentTesla
bd03cebf0f02bc3313ccbe3de2948e4981d52c983d2215c637dda38ab89863e4
AgentTesla
+ 10'618 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

192a389780505a92c4049b6d9d23150d95c84e78b01676de1d4a27b03854c821

AgentTesla

Executable exe 578bd233845bd17bde7fa8afe42885144b59351afc61ac21d73f8495989727f5

(this sample)

  
Dropped by
MD5 a85073ac96f325f87cecbd4a95cb8a88
  
Dropped by
MD5 8ab4b13c53da833c6138718b2a98e138
  
Dropped by
GuLoader
  
Dropped by
SHA256 192a389780505a92c4049b6d9d23150d95c84e78b01676de1d4a27b03854c821
  
Dropped by
SHA256 eba55e805e1e999e1945988ebf80e469fcc1907b5f0a8b64e745fb202aa30399
  
URLhaus
https://urlhaus.abuse.ch/url/335750/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments