MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66d52222a705c3045fecbb5049dc95e060061459909a6c79c73115e5b0c70cb3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66d52222a705c3045fecbb5049dc95e060061459909a6c79c73115e5b0c70cb3
SHA3-384 hash: 07890eaad71c2e58c33138467f43a4c16f7e54ecdd269545cbcdd851bae43f82be23209ccd69b3973c87336a02228d03
SHA1 hash: 5936815af6ef7ed11cfd465d6a339f2da763e1ee
MD5 hash: 60a0880b5ad65c930fe096e5e2d3ba2c
humanhash: summer-red-don-solar
File name:202607bc065ba8773cdfc05ec62fe45c.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:297'472 bytes
First seen:2020-04-01 07:40:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:G96giwoPxyP2POZQCDQSkvZSjz5BIoYTBzbjoWTV:DginM+POZfM8xBIJtoWTV
Threatray 10'539 similar samples on MalwareBazaar
TLSH C0542A7D2B88B902F73D193689D1266016F1D5834E22CB0F6EC85EED7F527C92C4A396
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1IwwLQshAP8L-_Qwnkx51MKQEAlQdZ2JN

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-04-01 08:35:23 UTC
File Type:
PE (.Net Exe)
AV detection:
30 of 47 (63.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m3kseivhaxbqix7mxnietxev4bqamfczscngy6ohgek6lmghbszq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
2c0f1d7345f723c437ba09cc6b7b5b451e241c9ed8f35e09679dd6caba835c6a
AgentTesla
4c0ba445450f16973c204aaab8265d888df2d38f822fbfcdf15249fbc3863356
AgentTesla
5841754eb3bf70c6eebd7e95b270cff96fb86d370f031b6430af922c99364722
AgentTesla
5e3e874b7f87124567d4716a6f0e8d696bae261550b399649a9fb3a85f2e0d5a
AgentTesla
6ef9a45a617adf0e0ff740e37c865325289a110394725c393c314a3128a2575f
AgentTesla
871ee6e52c48688d8eac4796f5d3c6f1b36c659d6cf9b1589c05a1ba7171ee90
AgentTesla
abce854dbb1be834088423c8a911d7111cd6d205b9f6b44be000652860fa03c6
AgentTesla
b5633218ddae3b49aec89824e1032e4826fb8504d39b64b3dbe1b2ff59d38f56
AgentTesla
bcfe28b074cc1d9b0fb7896ee3eb4d28c240bee33cb76578f0f9f1ef90ab92e6
AgentTesla
fdcdf089f15ba0a610e2d6f0c758fffb27835bec9884126f1054764112eb1dc1
AgentTesla
+ 10'529 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

caa8d0e5eb8bb8ba07f99014cf61427641d8df44f49dec5bda4e1ca54f8acd3d

AgentTesla

Executable exe 66d52222a705c3045fecbb5049dc95e060061459909a6c79c73115e5b0c70cb3

(this sample)

  
Dropped by
MD5 202607bc065ba8773cdfc05ec62fe45c
  
Dropped by
MD5 0bc025f9c7df1d7915cde1314fd66359
  
Dropped by
GuLoader
  
Dropped by
SHA256 caa8d0e5eb8bb8ba07f99014cf61427641d8df44f49dec5bda4e1ca54f8acd3d
  
Dropped by
SHA256 19a51e3685cc06a384f2a06239b902c86cbe31691908525d8f65bbebe4ec0a1d
  
URLhaus
https://urlhaus.abuse.ch/url/333254/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments