MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6bc243e8956f73a480418dba78d343eab3abd486248044c9f9e7d2dd9fd0795. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	a6bc243e8956f73a480418dba78d343eab3abd486248044c9f9e7d2dd9fd0795
SHA3-384 hash:	e925e8a7a5882fb539a4090edfb6c9b8cd688f800834220db024c7d9931f33064642f38202a979c7acc68520902f44ea
SHA1 hash:	2fc702a3254c75631a49e831b76b7b5a3f4db63b
MD5 hash:	b484e2110ea359a01a5bf49bf07645a1
humanhash:	batman-pip-apart-uniform
File name:	FcDqk2Gom1iPyLp.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	503'296 bytes
First seen:	2020-04-30 09:27:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:zxBv/dTFqyIhFLVUebA/qqe7ygHi345BqT:LiyYVIiBrid
Threatray	112 similar samples on MalwareBazaar
TLSH	9FB4F11222958C97CB6A29F84892F3180775EF597453E7DE6EC031FF0AF6BD26506283
Reporter	abuse_ch
Tags:	AgentTesla exe

abuse_ch

Malspam distributing AgentTesla:

HELO: uzlinshpl01.uzcloud.uz
Sending IP: 185.74.4.8
From: Brad pence <sale@e.siriusxm.com>
Reply-To: oliviamiller878@gmail.com
Subject: Document 04/30/2020
Attachment: Doc 30.04.2020.rar (contains "FcDqk2Gom1iPyLp.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-04-29 23:19:13 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

24 of 31 (77.42%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=u26cipujk33tusaeddn2pdjuh2vtvpkimjeaite7tz6s3wp5a6kq._file

Verdict:

unknown

AgentTesla

31a83eeaed551ab0fd49211ea01163c1284fcf575391329f290f1e2c2e5c8ed4

AgentTesla

3ee6f86acac2d68d1330a094b0ad9e4654a8da9038cf2a3cb836505b51c80b95

AgentTesla

79fe729b3d1b44d11fa2da5a44c823c7a081cc24dd312f1137c1b8ec6d24413b

AgentTesla

94213bb74d440f1782526a2a47f1820545963ad6b07aca628718c4e9113649e4

AgentTesla

ac8a96958466021dd54209aa0119c8b5fbd6360c589787a7d5159d7508462fad

AgentTesla

b461e2c2a90c171e0aab4cabf499c7fca2704c45748f238b0ea54252c34844ed

AgentTesla

b479c1ef641507c57ff33824c498abd088b6bd6cec8d1a3226ac92a14ff9924f

AgentTesla

f7111becb8c59613ae4843dd30281edfa7684a931100f18fe64f75364ed85bf3

AgentTesla

f78bf6115eb4acfebf2b8b77992e5fd701a36df9b4b2bb4bf4cdcc75e9112ce1

AgentTesla

+ 102 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 43f86e35b633dc46a146f54282606529cef31ac9f33e60151e5287a6bfcc3bbe

AgentTesla

exe a6bc243e8956f73a480418dba78d343eab3abd486248044c9f9e7d2dd9fd0795

(this sample)

Dropped by

MD5 77ed741e7570556a1dfec1e8a5278ef2

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 43f86e35b633dc46a146f54282606529cef31ac9f33e60151e5287a6bfcc3bbe

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample