MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0cec73b76fb458543566627fab866c8022867bf16095164ef94ad0f54be2867. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0cec73b76fb458543566627fab866c8022867bf16095164ef94ad0f54be2867
SHA3-384 hash: fbaea14076382533842bbe1db488deffb99e4f1acdf4bf093194e39ba183c9f559126310bf896e2cb8f1fffdcdadb941
SHA1 hash: 3fda2e2b10d776d7bac7ce42c24875b5095900dc
MD5 hash: cf726489339e42db1160430f99903153
humanhash: three-red-table-london
File name:5d4930d34b37aa020df1180b2dabc8df.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:299'520 bytes
First seen:2020-04-01 16:05:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:No0uKWzAfWgFopaYkgXxTvxiF1uvbIoeTV:TbogwBVGoeTV
Threatray 10'528 similar samples on MalwareBazaar
TLSH 3C54186C2B88B902F63D593289D1667026F194835D12CB4F6EC45FED7E937CA2C4A386
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://www.dieselmoreno.cl/site/v2and_encrypted_ADF260F.bin

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-04-01 16:35:32 UTC
File Type:
PE (.Net Exe)
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=udhmoo3w7ncykq2wmyt7vodgzabcqz57cyevczhpsswq6vf6fbtq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0702729c34578ee78cf3cb883ee298fc4aa67dbb433981790605e4e4afb642ff
AgentTesla
1304ed05b8f1d183feec8852f16c1f0ba3198388f437a339af62bd2974d8ebdb
AgentTesla
1e68055f95563948fbacfd1de0b04fd457c108ef8482d2a6642a0067835ce529
AgentTesla
38525021970c707fe513c2589e60dbd8ee2d052e1f4700837a5b132b28baaa33
AgentTesla
57df36fc7452bb8ef66e18f5ca34deace335039f1ffe1119c975b547a788377e
AgentTesla
751bf8fd813455834ff278900b4e561262aaf06459a49d8631fb6ffa73472674
AgentTesla
98c84fd5cabd02fb4379bfbe9e4230b991fe553800b5e7e1ef5b2dc53c018dfc
AgentTesla
a67bb928f2d8830e5e8dd05beec8d56d189af490a667522752cba64b6cd5951a
AgentTesla
d807dcfd04f5d5eac71522a29a6911c504039edb6277ba9b35953ca9f5fcef8f
AgentTesla
edfcf01c73ca6335d2040ac54b4d1513a4bb1ae7756e2ead34ddb6b03fb044f7
AgentTesla
+ 10'518 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

3ae43f1dbaa6478f184ece44ee6a4078add5de6848c57c8f3c8bbbe15dcbe53e

AgentTesla

Executable exe a0cec73b76fb458543566627fab866c8022867bf16095164ef94ad0f54be2867

(this sample)

  
Dropped by
MD5 5d4930d34b37aa020df1180b2dabc8df
  
Dropped by
MD5 93ec4d780cb2d16fdcdbb057f93cd881
  
Dropped by
GuLoader
  
Dropped by
SHA256 3ae43f1dbaa6478f184ece44ee6a4078add5de6848c57c8f3c8bbbe15dcbe53e
  
Dropped by
SHA256 d1d0822b464ac6a700ff6248d1cd0b050c0956b5c03e78e0ecaad2c66860b316
  
URLhaus
https://urlhaus.abuse.ch/url/333467/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments