MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbff8963c1d1069fcc4f65429d480df9963765f29865e9b35a6cb100f8005754. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bbff8963c1d1069fcc4f65429d480df9963765f29865e9b35a6cb100f8005754
SHA3-384 hash: 63afc07f05bedc3175c6f31abbd076809c4a3a5e8ec70e630d9be21eef9445ec96a916d33ed921513238bf573a944708
SHA1 hash: 7465979cd8859e8348b0952b40bf9dbb41de2bea
MD5 hash: 333db54723e9061972944964fc048425
humanhash: coffee-maryland-monkey-london
File name:7a99bb959010dbbdd5f61debf27ab9bd.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:298'496 bytes
First seen:2020-04-04 21:20:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:Eu+rBNM9GfRXPrAsgQ59C4Ykoq6MIvU/svz7kttrYTadkbIoeTV:erBNhtXC45GvTvz7OtA0oeTV
Threatray 10'614 similar samples on MalwareBazaar
TLSH 66543AAC6B88B902F73D593249D5666016F294834E12CB0F7EC81EFD7B537CA2C4A395
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1O8ECSkq5f8iweNM84tLLIBRR_QWGTZxg

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-04-04 21:35:22 UTC
File Type:
PE (.Net Exe)
AV detection:
30 of 47 (63.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xp7ysy6b2edj7tcpmvbj2san7gldozpstbs6tm22nsyqb6aak5ka._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
034b8adea4ddcae055c94f0d0af361bb2e5dbe02047db9371fe0d2c189adcdef
AgentTesla
4aba472bffc408315c06d8d015ac5241175d6ccfea8c3c04065ba64eccd94cfb
AgentTesla
64cf49217af987d0626bda4b48ebe5cf40e9c27b47cadda9ca5a4ff7c1914027
AgentTesla
6bdce9236cb2c45000de6d3b5c8253d4f247c68d802f990e2f244d03d93d9df3
AgentTesla
862c3c7bef5e6eef0c13e8381f69fa45eec9c859434fdf1620776e99094ab996
AgentTesla
aae624caec254144105749a9b12bde61f77415ce28c9f28cc2bfebf0fcbff1f9
AgentTesla
ad7db1393e62d89dcb0039aa5ba64a897e88d3f6b76d146ccf419e952e57c317
AgentTesla
bee5f2a67bb904418f1b5a819e2434f1a01824d485a04aab756fd279f05a35f3
AgentTesla
dcbfc03cfe9523c25ab335f599cebcbbe8f2439ef7ab973aa9ec0330e4e7d11f
AgentTesla
f242ad8f253e4e481529cffa7b3d697683649ba31b8c8500f2d24d2bf591e553
AgentTesla
+ 10'604 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

cee790202ae17d16a76f889c64ef384905e231ed62bf0cb4f40d3e7eec3b3460

AgentTesla

Executable exe bbff8963c1d1069fcc4f65429d480df9963765f29865e9b35a6cb100f8005754

(this sample)

  
Dropped by
MD5 7a99bb959010dbbdd5f61debf27ab9bd
  
Dropped by
MD5 f2eff38650eaea6100b9b6575ff8a913
  
Dropped by
GuLoader
  
Dropped by
SHA256 cee790202ae17d16a76f889c64ef384905e231ed62bf0cb4f40d3e7eec3b3460
  
Dropped by
SHA256 f620c1cf49d4bdb0ce247c2ebdad0432c25f0106317ef4f18f7c5b485aa551e0
  
URLhaus
https://urlhaus.abuse.ch/url/334605/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments