MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab63d78243683e8f00bd7a00b3e0ba6867a86bec1abb6b67b24ae3ff9cb65ac9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab63d78243683e8f00bd7a00b3e0ba6867a86bec1abb6b67b24ae3ff9cb65ac9
SHA3-384 hash: d5d64a15513762b80c46bbfc5dd5f8f002f4aeb32dce92e0b175a1f90c480a381ca5428285b4aafb0fd448f5b2a13932
SHA1 hash: 9752756054daa18bdb241016117055cad87f9eb0
MD5 hash: 2a46b456748eba84437c5c08349450c3
humanhash: april-fish-uncle-high
File name:P0rder22101231.pdf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:790'528 bytes
First seen:2020-04-29 05:36:45 UTC
Last seen:2020-04-29 06:36:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:vsZd1VDaYlMO8Yne1OS9pDTOR3xURLBprEGLU0MGUn:kTDvXAsS/DT80LPMGI
Threatray 560 similar samples on MalwareBazaar
TLSH AEF47DE46A38D4D9C0E43EB23529EC711BF8AE356D6B09404232BDD8F8B53647E0E5B5
Reporter JoulK
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33741000.4499.27893.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 00:45:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
15
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vnr5pasdna7i6af5pialhyf2nbt2q27mdk5wwz5sjlr77hfwlleq._file
Verdict:
unknown
Similar samples:
06e83a73a0d058de1811b6ee93f063b97fe79fbab77e2acf0a859cceff815c86
AgentTesla
1122de58d83267cd6edf34690c8d8ac376e337e28fddce0c0609554a2c0396db
AgentTesla
2b70fdc39cc7849e555d2b7cdd0984ecd259bbfb1a8985d975f44c402360d5ce
AgentTesla
47d0a3fd48775f1ebe0290c493c5f485581e766c1ee4e6d2c7f1dbc077645079
AgentTesla
47e1f71185f193d015191dec0fd981e6591780a336115fe14638b74031531ac8
AgentTesla
782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3
AgentTesla
d1a314902f558ae79e891b785eec7e87002ed607411e8dfc85b5fbb2f9ef9dc0
AgentTesla
d9568ff73274781296415519aa548621099b45cc19d68c2d9ce59ce9bee384a7
AgentTesla
d9f827863726fb21fd036363b2090e4454776b3ee1a4665d004da0eaa05126e4
AgentTesla
fcc68c78e81eab01751ffe299b6213e6dbe994a6d197367000371e82a4ac0a41
AgentTesla
+ 550 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe ab63d78243683e8f00bd7a00b3e0ba6867a86bec1abb6b67b24ae3ff9cb65ac9

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments