MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92a19bc7fba0954919fe0aad93fd8e889631e6e335d899e2347bef09f1ceb676. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92a19bc7fba0954919fe0aad93fd8e889631e6e335d899e2347bef09f1ceb676
SHA3-384 hash: 2920cdfa4cb6e0da8ec9a731df4f15f2b0d43d3566b9df18c4298972b992f848300f74d8896b8169c5d7dbd8a1dfe8f9
SHA1 hash: b1627b62eb2588aa706864ad3eebacba6d5baac6
MD5 hash: 9893c8018ab13c7ce7ffa182753b0690
humanhash: uranus-cola-don-green
File name:COVID-19 UPDATE.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:451'072 bytes
First seen:2020-03-31 18:23:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:rrXzg12JEh+gLkX8Gi47Qe7uncst31A6qmUO0KSsD74hXOA7LTqsJ2jfT7:MFYgLdCQzxxiPDK34BZ3TqsQ3
Threatray 20 similar samples on MalwareBazaar
TLSH AAA4BF7561EF1156D772EBF30BD8ACAE97A9F133124AF539208617C7C221A429DC2336
Reporter abuse_ch
Tags:AgentTesla COVID-19 exe


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: mcamt.com
Sending IP: 37.49.230.105
From: "Esperanza Silvestre" <eman.almawri@mcamt.com>
Subject: Customer Advisory - COVID-19 UPDATE WORLDWILD
Attachment: COVID-19 UPDATE.zip (contains "COVID-19 UPDATE.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587 (77.88.21.158)

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gc.22732.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 18:35:34 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=skqzxr73uckusgp6bkwzh7morclddzxdgxmjtyruppxqt4oowz3a._file
Verdict:
unknown
Similar samples:
2a76e8e63c85e8208a612cabae9e348dedbbd5c15b2bd71969d65f83e2e70828
AgentTesla
2f8603dd9eb1824b47f11ec53e95da26bff4a7f6e95a331fb9e4a92252d62118
AgentTesla
4f5bf279812fb7f1276a7ce23071b23b6c9fc38938d52b846f060087285bdb41
AgentTesla
52acc00d0564ad9cd64f3d099cd5d074912bfb160f923b20e8c732455a2a20a1
AgentTesla
6ad339e5764e335403390892ed5461bcc70d63d2575228de85311e5d6878d1f1
AgentTesla
730fd544eac15f337f3d2acfd6473f2ab1d8037da100855ca93cdc88f9edf681
AgentTesla
885f8f052b2b412c82c1226ff3d0419c3d6d0837a90a4eebb2990a726d530706
AgentTesla
99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
AgentTesla
b866a18458d22f3c362eb9db308ccbbe80ad1a1ef04d9f1c8ba6d3c66ccd4971
AgentTesla
f0013d1d682b7ffb99c5eb489d740a9832cdb4137ca18836a1a87c28726edc23
AgentTesla
+ 10 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 753858214aab243de01aa0b0acfd011c092da75c40999ff26814316b2c0c104e

AgentTesla

Executable exe 92a19bc7fba0954919fe0aad93fd8e889631e6e335d899e2347bef09f1ceb676

(this sample)

  
Dropped by
MD5 8894cdf1d912702cccbb2416f73475c7
  
Dropped by
SHA256 753858214aab243de01aa0b0acfd011c092da75c40999ff26814316b2c0c104e
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments