MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c619634b3d1aae749f4cd310c570a9583c2b71395ed08d61cffb9834f36737d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c619634b3d1aae749f4cd310c570a9583c2b71395ed08d61cffb9834f36737d
SHA3-384 hash: bc10e8d1b68e51c0e2f523dd8cb4c94c39a7e77c386c726e1f33b66cb045b4a9b6b6045848029dcb480dc66756af0e26
SHA1 hash: d0fa1955743cb355f4d3daaf848c4800a6d43f23
MD5 hash: d45e0ade55567b366b291ce5c12f9869
humanhash: pizza-maryland-fifteen-pennsylvania
File name:chib.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:300'544 bytes
First seen:2020-04-06 14:05:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:SkBASxgsQH7BwDM03+GxMtfr8n8dTTQGHGI++qhbZeOA:F+SxgeMAzz8B4eOA
Threatray 10'745 similar samples on MalwareBazaar
TLSH E1542AAD2B98BA02F23D4D3685D1122422F1D0839D12C34F7FC54FE97E6D7DA2A49396
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 06:46:53 UTC
File Type:
PE (.Net Exe)
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lrqzmnft2gvoospuzuyqyvykswb4fnytsxwqrvq4764ygtzwon6q._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
01c6b2a06466f980c13e384814d8fabb76d50ee93b53bcdfc0b27d6a5d9b90f4
AgentTesla
163ad84d7db148a5673e87d8134a699577c55518b6313a8ab81dc61fe0ca6eef
AgentTesla
5ce4d4f2a15924f200619b7140bd99faad88758c0d0f0cfb4eb9d166fe2f41e3
AgentTesla
725812db416e89c4bafe2924855ab5a3f7769a22c69bc02038bbe58e95c6ea7e
AgentTesla
806f31221f182e4a97f68f267894aa671f18f5a8a112bf70ec1f64fd078b8000
AgentTesla
8d67869517928418745bb57e58346ecfdd2af3321e13517159c292d159cc8dd1
AgentTesla
95f2db0071adb3c99b50c41ecdecbe4c6c18e9318bea7d8cd6743aff619a9f8f
AgentTesla
ee6801317f50de988a4d0a24953331cb141a28903a11dac3bf95e58c9bf0bd2b
AgentTesla
f2d446378bebc1c5cb4fdd8941445bc9de335315ea90115c1db4a141155decb4
AgentTesla
f4ee68967541641ce9b2ba8ba7f2741d9756cde1a4f32ba9495cf35ba06b7f01
AgentTesla
+ 10'735 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/335770/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments