MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57df36fc7452bb8ef66e18f5ca34deace335039f1ffe1119c975b547a788377e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	57df36fc7452bb8ef66e18f5ca34deace335039f1ffe1119c975b547a788377e
SHA3-384 hash:	2a2dc7236ac9b77c624822d157c9330001b03096e03c0a0d6fa0a0f5b9b3894856709acbfaee128e12656d4aa5f7ba47
SHA1 hash:	66fe1a2fd64cdd1350aa7a079bc83799af1dacc7
MD5 hash:	c569e92ae0a7581fde94956fcc192c2d
humanhash:	fruit-wolfram-oklahoma-cola
File name:	c6e2c39813119acd5e74b9c93e1e6fe9.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	301'056 bytes
First seen:	2020-04-06 11:30:34 UTC
Last seen:	2020-04-08 17:38:43 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep	6144:FEa5DRbYtdGH5P+MXjMky1UEL9ZpmNvHyv45KX/90Lb4sOk:5pUnXT9SNvHyUSsOk
Threatray	10'706 similar samples on MalwareBazaar
TLSH	06541AAD6B98A902F23D0D3745D1622492F1D0838D12C74F7EC84FF97EA17D9794A3A2
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
http://bondbuild.com.sg/wp-includes/Text/SHAFIQ_encrypted_A92CDFF.bin

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-04-06 11:36:18 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=k7ptn7dukk5y55todd24ung6vtrtka47d77bcgojow2upj4ig57a._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

130d22d52d43b7bcc72740f05b270d9dcf9e9a178ab081dfbf5ffe30de0f4c54

AgentTesla

18160b7700ff83693e0aa6c2e947ac4a6c1a286fd4845847f90aa2ba6662f54e

AgentTesla

9c41470416c33f1ac91bdf39d8bbec407e0214456f9d298e736cd62586345676

AgentTesla

9d605d0806d948584dedc30380c5e5f4ce5ee0c565a010a1ef8b2a2d083b5e70

AgentTesla

ba9c641828f465a988c43c858463602faadc4bc688b5b58d9a80bd25fd45a4d6

AgentTesla

bee5f2a67bb904418f1b5a819e2434f1a01824d485a04aab756fd279f05a35f3

AgentTesla

ea2e7ec387cf91e0ad3d44c01b25adc702061e93b66d21f8b3dd1eab812045f9

AgentTesla

ecb77b0aafd61f01b0f6c843594fbccba38abc0fa1df4209d9a19296567f0e94

AgentTesla

f33188a4e793d7f27b2c649730162700bda0259988ee59262ca2be5a87527f83

AgentTesla

+ 10'696 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

323f6ab85fe6432e8e0ba0ac5a2609465ecdac68c1839ed7d73da5f079db06e1

AgentTesla

exe 57df36fc7452bb8ef66e18f5ca34deace335039f1ffe1119c975b547a788377e

(this sample)

Dropped by

MD5 c6e2c39813119acd5e74b9c93e1e6fe9

Dropped by

MD5 50f014eab4300b8ae957e2f4260bc87d

Dropped by

GuLoader

Dropped by

SHA256 323f6ab85fe6432e8e0ba0ac5a2609465ecdac68c1839ed7d73da5f079db06e1

Dropped by

SHA256 0aa2c76d7caa723460f73b6f7d966299cfbc4f7d96fd30f3f9e182c1c474883e

URLhaus

https://urlhaus.abuse.ch/url/335753/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample