MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cf4d562d03815786cbd7e0fb3c18e5f7e257a216cb833b7e949a2c189ea79b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 8cf4d562d03815786cbd7e0fb3c18e5f7e257a216cb833b7e949a2c189ea79b4
SHA3-384 hash: 98c3e21b761f71f286877a85f1a889cd8b3573a21915bfa9b5440026671b5d6854d49e491f761da6249f80d67e73cc8b
SHA1 hash: 2a0b2ce05e9029d8a6915a32fc55e24c47d5b28e
MD5 hash: 0d88b341ba3989e07ed0dfa3d499e9f8
humanhash: florida-alaska-friend-july
File name: 99e484845154e87926b565f496775cf7.exe
Signature: AgentTesla
File size: 297'984 bytes
First seen: 2020-03-30 03:30:20 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 6144:JEBmRQP2fk3omnmDrleb4dHaVeAwmQGSdAcYTGbfoWTf:JEtP2MY7qNLlKoWTf
Threatray: 10'521 similar samples on MalwareBazaar
TLSH: 06543A7C2B48BA02F73D593649E166A012F2D0834E12CB4F7EC55FED7E52BC9294A385
Reporter: abuse_ch
Tags: AgentTesla exe GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=15Ef4RyDuFpXriWNXVYgi2N8aL88XbVdC

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Autorun
Status: Malicious
First seen: 2020-03-30 03:35:23 UTC
File Type: PE (.Net Exe)
AV detection: 23 of 30 (76.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

3bc7f5f6f709709483aa33c144bd6695836904f45dfacb0bc4c072743be3b5e9 (AgentTesla)

Executable exe 8cf4d562d03815786cbd7e0fb3c18e5f7e257a216cb833b7e949a2c189ea79b4 (this sample)

Dropped by: MD5 99e484845154e87926b565f496775cf7
Dropped by: MD5 a4426523625a2d3ee6bc8c15f6dd37ca
Dropped by: GuLoader
Dropped by: SHA256 3bc7f5f6f709709483aa33c144bd6695836904f45dfacb0bc4c072743be3b5e9
Dropped by: SHA256 fd8a9eb2fd66cf2babb5f74d56d72162ae1fb4e0687ece899d233ee7b9f1ed5a

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                         Title                                                    Severity
CHECK_AUTHENTICODE         Missing Authenticode                                     high
CHECK_DLL_CHARACTERISTICS  Missing DLL security characteristics (HIGH_ENTROPY_VA)   high
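The two findings above come straight out of the PE optional header: the HIGH_ENTROPY_VA bit (0x0020) in DllCharacteristics, and the Security data directory (index 4), which is zero when no Authenticode blob is attached. The script below is an added example, written here and not BLint's or MalwareBazaar's code, that reads those two fields with nothing but the standard library and reports them in the shape of the table. The finding IDs reuse BLint's names, but the rule logic is my approximation of them; the PE bytes it runs on are a synthetic header constructed inline, not a copy of the sample on this page.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
# Data directory slot that points at the WIN_CERTIFICATE (Authenticode) blob
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe_security_props(data: bytes) -> dict:
    """Read DllCharacteristics and the Security directory from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20            # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32PLUS_MAGIC:
        num_rva_off, data_dir_off = opt + 108, opt + 112
    elif magic == PE32_MAGIC:
        num_rva_off, data_dir_off = opt + 92, opt + 96
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    num_rva = struct.unpack_from("<I", data, num_rva_off)[0]
    sec_off = sec_size = 0
    if num_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the Security directory the first field is a file offset, not an RVA
        sec_off, sec_size = struct.unpack_from(
            "<II", data, data_dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "dll_characteristics": dll_characteristics,
        "high_entropy_va": bool(dll_characteristics & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dynamic_base": bool(dll_characteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(dll_characteristics & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "authenticode_present": sec_off != 0 and sec_size != 0,
    }


def blint_style_findings(data: bytes) -> list:
    """(id, title, severity) tuples in the shape of the BLint table.
    IDs mirror BLint's names; the checks themselves are an approximation (assumption)."""
    p = parse_pe_security_props(data)
    findings = []
    if not p["authenticode_present"]:
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if not p["high_entropy_va"]:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing DLL security characteristics (HIGH_ENTROPY_VA)", "high"))
    return findings


def build_minimal_pe(dll_characteristics: int, pe32plus: bool = True,
                     authenticode_size: int = 0) -> bytes:
    """Constructed test input: a bare MZ + PE header with no sections.
    Not a byte copy of the MalwareBazaar sample; only the fields read above are filled."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_fixed = 112 if pe32plus else 96                     # bytes before the data directories
    opt_size = opt_fixed + 16 * 8                           # 16 directory entries of 8 bytes
    machine = 0x8664 if pe32plus else 0x14C
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (IMAGE_FILE_EXECUTABLE_IMAGE)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, opt_fixed - 4, 16)          # NumberOfRvaAndSizes
    if authenticode_size:
        struct.pack_into("<II", opt, opt_fixed + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x400, authenticode_size)          # hypothetical blob offset/size
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Run on a real file if one is given, else on the constructed unsigned header
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(0)
    for finding in blint_style_findings(data):
        print("%-26s %-56s %s" % finding)
```

"authenticode_present" only says that the header points at a certificate blob; it does not validate anything. Malware is routinely shipped with expired, revoked or stolen signatures, so a non-empty Security directory should be followed by a real chain check (signtool verify /pa on Windows, or osslsigncode verify elsewhere) before it counts for anything. HIGH_ENTROPY_VA is also only meaningful for 64-bit images; for a .NET assembly the bit is whatever the compiler emitted, and dumpbin /headers will show the same DllCharacteristics value for comparison.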

Comments