MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 843097123a40e1442b2f08ce9c77ebc909a3e77e1ea3b6f21981a579ab2ea9be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 843097123a40e1442b2f08ce9c77ebc909a3e77e1ea3b6f21981a579ab2ea9be
SHA3-384 hash: 559a1c12256028c93678bda61e6c4d0cae616c3c59fe6b003fe6e7cd5cea3105f053d7230107a1685c99f0f7d4579b74
SHA1 hash: a39230400e477def0cfe69d4b2397cec38a70256
MD5 hash: 37e4f25597395a717de064d83379cb98
humanhash: video-asparagus-skylark-summer
File name: bJT5BcuN.exe
Signature: AgentTesla
File size: 29'184 bytes
First seen: 2020-03-19 00:59:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 384:nB+Sbj6NKgxXv56ZdAHnGOzqD/9Y3BpwvDKNrCeJE3WNgTQ+lhjpRXhL9xXQro3O:BpkXR6Zdwn290Bp+45NinhRXPxL+j
Threatray: 96 similar samples on MalwareBazaar
TLSH: A4D27D147BD18346D3EC1AB20A72A2550E71DB47A93BFF3D0CC954931D6BED18AC4AE2
Reporter: johannes
Tags: AgentTesla LimeRAT


viql
limerat via https://pastebin.com/raw/bJT5BcuN

Intelligence


File Origin
# of uploads: 1
# of downloads: 938
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Limerat
Status: Malicious
First seen: 2020-03-19 04:48:00 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
