MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d361a3eff51e1fd5abfb175450ef7a0323cf39b7b719b9189216ba06a85e3cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d361a3eff51e1fd5abfb175450ef7a0323cf39b7b719b9189216ba06a85e3cd
SHA3-384 hash: cfcd4fc7b7e2f19815ee7c7fec2ee9e0488a0a8234c63a72f8af7dd4a92da17d211887ddea221a47b1186f4316445a59
SHA1 hash: 2a55031083d5e5fd3679bda29432fbe032f979c5
MD5 hash: 06bbbf610c46630a413672d29476683d
humanhash: texas-eleven-iowa-ohio
File name:FT20200402_104835457_EMIRATES BANK.bat
Download: download sample
Signature AgentTesla
Create hunting rule
File size:698'240 bytes
First seen:2020-04-02 20:33:13 UTC
Last seen:2020-04-02 21:33:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:AtN9zO5axG6pMiBdfPXZYhyvlobcYpoM7zFiDAkmZyGme6NDS5lSII:A1O5aPbJYhClobcYpoQFiEMxe6NDS5lG
Threatray 10'827 similar samples on MalwareBazaar
TLSH 52E4D0323A429655D931177608E8F9C167B1FEC72B50CA2E2A8A77085F325DBBF4E10D
Reporter jarumlus
Tags:AgentTesla

Code Signing Certificate

Organisation:Microsoft Code Signing PCA
Issuer:Microsoft Root Authority
Algorithm:sha1WithRSA
Valid from:Aug 22 22:31:02 2007 GMT
Valid to:Aug 25 07:00:00 2012 GMT
Serial number: 2EAB11DC50FF5C9DCBC0
Intelligence: 22 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: DBD5BD417B78886EDC1574F5E872F3E1C0B07522B6881B95B6DD872AEDBEB30D
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.MulDrop11.53114.25011.22431.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 18:34:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
21
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pu3bupx7khq72wv7wf2ukdxxuazdz443pnyzxemjefv2a2uf4pgq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
08b8b5c623bd115853cacfa860262fc966334f844a0bda1ed0dfb64bed0e8504
AgentTesla
10b2155331d3b0c7934808e52084c3911f82ece51f39836e3ef0e8db39ee9904
AgentTesla
3ed2582360822da6a9b531650c8fd21865ffa3ff0a63f64cd9cea1fde9fd0de3
AgentTesla
8b334c052aa35c751a90affd750f2f0522fe23c68ae332cce60d4c1337a61261
AgentTesla
99ebc0bf98a16152a009ceb9f57f5ffc55153422f23c80b34b7046cf21eec353
AgentTesla
c04b8ae6d8b950026abcfb92547590a9ae27fe60218542ff96ea94880536c80d
AgentTesla
c3cf7a61f0ab30656aa7dd49ad4888794833ac3ae9eaf61391c4940117a4fd7f
AgentTesla
d223c5d9e8c4529cf905bb3c777f6850b21babd5ef85cd270db5a9e760ba4e0f
AgentTesla
ea2b4579502edcbf620e89086f0d701f1533ca67f5dcaec50a57fb4e8b8e46f5
AgentTesla
efd857b9c713b00e8359f0c58fdb42124b2b3fccbfd5de1ef95156cdee038170
AgentTesla
+ 10'817 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments