MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8eca58e8f7973be0d80afef06aaa0ef115ca02d036f66c69d1eb6f91582a6d34. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 8eca58e8f7973be0d80afef06aaa0ef115ca02d036f66c69d1eb6f91582a6d34
SHA3-384 hash: cde5be7e5eb0422810c716929e00bb2c64ba469c3bd19613d88ef289d4b7e357ce351aaa50738bd3833a5a0ad1b00b51
SHA1 hash: 8bc0282c05fca0adde23addd354ed8dbf2771107
MD5 hash: f95e7072fd910d5934d97baef5b051bb
humanhash: freddie-twenty-six-violet
File name: ago.exe
Signature: AgentTesla
File size: 299'520 bytes
First seen: 2020-04-14 09:50:48 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 6144:b9sEPx//ltGJzXVsMF2Z2pNnzt5VjBLUxbfOqbciOW:BbaJXGoRzjLUxuiOW
Threatray: 10'534 similar samples on MalwareBazaar
TLSH: 705429AD2B88B902F23D0D3685D5522566F1D0878D12C30F7EC44FFC7E617DA2A4A3A6
Reporter: gorimpthon
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: ByteCode-MSIL.Trojan.Autorun
Status: Malicious
First seen: 2020-04-13 13:53:23 UTC
File Type: PE (.Net Exe)
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 8eca58e8f7973be0d80afef06aaa0ef115ca02d036f66c69d1eb6f91582a6d34 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Comments