MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a06f053014f58149aaff3aef789579d02ee6e1881e89311320dc0df3ae1d674. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5a06f053014f58149aaff3aef789579d02ee6e1881e89311320dc0df3ae1d674
SHA3-384 hash: f4bd3db30773012838525593b85ec8afebb586b19f870c3827172c5fa5cfa54854f901ca20058681706e200e78d6d251
SHA1 hash: efcb946af04612bb9353877611e21c5c05514941
MD5 hash: 077ee2a6320fd17e1a49845feceb19b4
humanhash: yellow-tennis-kilo-happy
File name:pay invoice.scr.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:422'400 bytes
First seen:2020-04-29 19:32:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:HawR1A7W5XniZThDuEf6Ld7vxhkGGrQnvhQueZ5:Ueni10EyLNvdGkj8
Threatray 270 similar samples on MalwareBazaar
TLSH EE94127D9BAC3B3FC25B09FCD4C18D0572A9C169E613F2996D8A119D809EFC12D64E83
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mta01.svc.cra.dublin.eircom.net
Sending IP: 159.134.118.222
From: Philip Hollingsworth <pjhollingsworth@eircom.net>
Subject: Re: Balance Outstanding payment invoice Per Diem USJ003600 JBPW DEADLINE: $39,975.00
Attachment: pay invoice.scr.img (contains "pay invoice.scr.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis077EE2A6320F.17508.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 13:01:25 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lidpauybj5mbjgvp6oxppckxtubo43qyqhujgejsbxan6oxb2z2a._file
Verdict:
unknown
Similar samples:
205c64751a28eba3128dc0d7a6f15934caef963bd2cfcd5898f0b7b22d72cf08
AgentTesla
42500f58701c82d20e2255ef2b3b22abe0f0f47e4dc53907c0ca8bafbe01ef25
AgentTesla
440772fb86f2519451345ac945704a6e135868b504f2cdac881f17f9d4bb8602
AgentTesla
69477d03d335e9dc9f9de2e656d8ef11d8111ca35fbc37008a3e2082efbf5af2
AgentTesla
782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3
AgentTesla
bff997af2c8f1c0aebe9caaf6076c4901c8c3910337510401daf10289c57a5da
AgentTesla
d83d25cdeec57d8bdb0ae70c21d60f32645a2fa21f3f7792774b5ad3bffce9b5
AgentTesla
d9f827863726fb21fd036363b2090e4454776b3ee1a4665d004da0eaa05126e4
AgentTesla
f17b34a25b38f624ce1dc8c5f36cefbf3a989b77714f4c566c085c56f03c8fbb
AgentTesla
fcc68c78e81eab01751ffe299b6213e6dbe994a6d197367000371e82a4ac0a41
AgentTesla
+ 260 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img ff78c9375a234f27e9697574ee57a7b3fbe725e3ac570771db2a8703ec4ab97b

AgentTesla

Executable exe 5a06f053014f58149aaff3aef789579d02ee6e1881e89311320dc0df3ae1d674

(this sample)

  
Dropped by
MD5 f19c7339ba883468e1c987729e03347c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 ff78c9375a234f27e9697574ee57a7b3fbe725e3ac570771db2a8703ec4ab97b

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments