MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c823d50b276192b513011547b0be2bbb66bed47f06e111f03858e3a9d72f0d6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	c823d50b276192b513011547b0be2bbb66bed47f06e111f03858e3a9d72f0d6b
SHA3-384 hash:	a666392ce1e6be4325695f67f7e22e98ec074729e453f5ff83adc4672c4dbf8245514cd55fef68dffb41db76c0d5962e
SHA1 hash:	c899233cb510769d31b56ff2e83bae9934db6fa6
MD5 hash:	329e8e2b9ae87e8d0d1807649b56bcd7
humanhash:	glucose-thirteen-lake-purple
File name:	90f02bfef7363ade225c3c37839a6265.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	297'984 bytes
First seen:	2020-03-27 12:35:14 UTC
Last seen:	2020-04-01 01:00:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:LUY0yOgPAthHk6/9O5WEU3VT8a0zX87DDvRqedAebXdoaT7:IY0yUhxEU18JMxvoaT7
Threatray	10'418 similar samples on MalwareBazaar
TLSH	33543BBD6B88B902F73D493249D1566016F294878D12CB0F6EC81FED7F527CA2C4A786
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
http://sunganak.in/wp-includes/SimplePie/Djorigin_encrypted_2B18AD0.bin

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-03-27 12:57:35 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

29 of 46 (63.04%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=zar5kczhmgjlkeybcvd3bprlxntl5vd7a3qrd4byldr2tvzpbvvq._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

577c53f979f75e226ccd9908f2aebb38fe38667a53509565ae906b5a6bfdce28

AgentTesla

6987e9d66b3d7120047b8725caa87c262f1430a2b91a6d1ef717e6f4b6c3fd84

AgentTesla

829008943eff3aa587242f2dda6989e2f2b1e7cf7abcb10099071aa2444a9cb8

AgentTesla

8501b62ef01d0a8ffacb3e1c7bd13129fca8a621d00f14d81a1227cf6872c5fe

AgentTesla

9f7264f096d9aa3d9bc1215a0979566e9fdc64dd58089c7913af18e2709e3f60

AgentTesla

a93c824d20b6d30f7a6cdd41e83dc2ed1b1294c023d25184b2779cd0fd4f2a5a

AgentTesla

c2aece4c0138a4ce56c8baa129b99e8740277795ac3c69e03d3a86cb7e629582

AgentTesla

c7839a3137610ece15b06c73cb4e9ad2b7d175630c13717649974d1965d1235c

AgentTesla

e0f1cd67f7dc539f3bb1b8c454982131f418dc4d5cdb06215d4e2aaf8335e90c

AgentTesla

+ 10'408 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

b08f6c98b0d5192d1163277f991df4a634d54c9ce2cff21cc7dfae7bd13965b0

AgentTesla

exe c823d50b276192b513011547b0be2bbb66bed47f06e111f03858e3a9d72f0d6b

(this sample)

Dropped by

MD5 90f02bfef7363ade225c3c37839a6265

Dropped by

MD5 325c7d8e1bbd801f7ec5b0d8e8737616

Dropped by

GuLoader

Dropped by

SHA256 b08f6c98b0d5192d1163277f991df4a634d54c9ce2cff21cc7dfae7bd13965b0

Dropped by

SHA256 78d58a93e13f86b281e8be7753a47796ebc96cf27d2d72f23961a2f729e34f95

URLhaus

https://urlhaus.abuse.ch/url/330923/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample