MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94fdeda176e6372985990042038668a5dbd48b5231b7d063c907585b6156affe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	94fdeda176e6372985990042038668a5dbd48b5231b7d063c907585b6156affe
SHA3-384 hash:	f4170c7cc8b1f4316a1a0ec042a54d61c8b4ff2cbe1d0fa20911109a329f78439f55758b81254b55f0a8e6bc7e8dc073
SHA1 hash:	eb130301d4a60cdda04b684559ae334147760650
MD5 hash:	68ef85a205d1b518dba673a9ee7d1c2e
humanhash:	papa-black-twenty-papa
File name:	PO2.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	632'320 bytes
First seen:	2020-04-30 07:35:15 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep	12288:KquErHF6xC9D6DmR1J98w4oknqO/CyQfqzfgtP3+Jc54Nz/wjOUoW:/rl6kD68JmlokQfRtCzIjOUoW
Threatray	11'094 similar samples on MalwareBazaar
TLSH	50D412855AE98866E1B63B718839CD9008757C62DDBCE79D8728E40FBC30702DC6773A
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-48

PUA.Win.Packer.Upolyx-12

Win.Malware.Azorult-6971822-0

Gathering data

Threat name:

Script-AutoIt.Trojan.Androm

Status:

Malicious

First seen:

2019-05-15 18:28:25 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

29 of 31 (93.55%)

Threat level:

5/5

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

7f88570972b45202587d9ef6f5d8e7c447519c8add58523f162a5fdce479648c

AgentTesla

8346576d9f1fb9c2efa5b902b54f931ba3fd0482ff1c78711d6b6849b51e542c

AgentTesla

8eebcb7d52c969e6bb4704f11022afdf9d61462f96ad27e6859863fa681c77e6

AgentTesla

bc7d8216583ce22a2e496eaac28ed94d40451fe58962a93835593e1a7d063a28

AgentTesla

bcc007773b48459b0b8b0fc4c47d621f65a178d297517486f78aec91d5dc1a87

AgentTesla

c0eb2f545d41334272272e0499b31a1725aaf3880f4e0a2469590dc47ce801c4

AgentTesla

cb8503881bc157b1c984dfb66a76d2ef039c723666098a917adca4d247ea03d8

AgentTesla

ebb77a2bbab23ac960bc0680abcfafa3e62999ef2ac47e0c08f2d2f76b78b283

AgentTesla

fa84525a3f72a0cbed41a990523a28aa5edf705016713ffd2da78c56e309dbe1

AgentTesla

+ 11'084 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical

Reviews

ID	Capabilities	Evidence
AUTH_API	Manipulates User Authorization	ADVAPI32.dll::GetAce
MULTIMEDIA_API	Can Play Multimedia	WINMM.dll::timeGetTime
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA
WIN_NETWORK_API	Supports Windows Networking	MPR.dll::WNetUseConnectionW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample