MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80e373ee8f746e0efaa489ac20fffa65ca659ba8c4edffef2d122c33051c1837. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA 3 File information Comments

SHA256 hash:	80e373ee8f746e0efaa489ac20fffa65ca659ba8c4edffef2d122c33051c1837
SHA3-384 hash:	bab1cffbc2cfa779fc6f5a5f5e8c4fefaad040323146d0a0ff494e44453538aff22330a43eb8be474f670c4652800041
SHA1 hash:	1b82bb02eb573f1d471374f54df129fc4e76a029
MD5 hash:	a165538d98eba7ee526c78cf8b477b09
humanhash:	ink-eight-orange-black
File name:	MV. BARHOM II V.1820.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	729'088 bytes
First seen:	2020-03-23 15:03:35 UTC
Last seen:	2020-03-23 17:06:01 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:VC8yWRCahapqtkCMmHTmJFxVXjFH/eM69ny:iahOS6BVXjFfT
Threatray	10'254 similar samples on MalwareBazaar
TLSH	FDF47C24C6B48D10E5728BF99565A301CE70EF135F2ED6393FA358E9282E7D4B6C2523
Reporter	c_APT_ure
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-03-05 01:53:18 UTC

AV detection:

22 of 30 (73.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=qdrxh3uporxa56vergwcb772mxfglg5iytw773znciwdgbi4da3q._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

3aa90f6583dde40c643519b2baa2f5d3b3a0e5c4ab54b7e7f64cf662f8c0fabb

AgentTesla

4c7aa908b8b0f65ba2fa635d033211e4a7664a8f3fa2fb297424c8a21e4783f5

AgentTesla

510c7317478a2e0cef9561136c0e2b49fee8b5b91d89a56c0193d50aef278af0

AgentTesla

52acc00d0564ad9cd64f3d099cd5d074912bfb160f923b20e8c732455a2a20a1

AgentTesla

887afb0090c2878cf0727e35f5d33cd97aa9964f6193c4ebd1770493279a1263

AgentTesla

b39e096b204c009b28f80f36a5b197539cb24d7f670eed000d7fa3db347298b1

AgentTesla

c25df2651a747220690ee62f23e4246ce37765ec5d1ef624f156af3f0f14041b

AgentTesla

c48ab81f93ccd69c6d2b796cb4f431db97179480bf6251b715347b0b32dd500e

AgentTesla

d2cc729be39a3136dde1a0e312f2cf6bffbcf4159f3b724b980e5ac2419a398c

AgentTesla

+ 10'244 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Agenttesla_type2 Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect Agenttesla in memory
Reference:	internal research

Rule name:	CAP_HookExKeylogger Create hunting rule
Author:	Brian C. Bell -- @biebsmalwareguy
Reference:	https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name:	win_agent_tesla_g2 Create hunting rule
Author:	Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample