MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca416554a0bbfe4b62c386e95499c317bb75cf45c63b485f12517e5ac7640afd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ca416554a0bbfe4b62c386e95499c317bb75cf45c63b485f12517e5ac7640afd
SHA3-384 hash:	cfd4de665c52f00de1f4f519e4113d96e874e2b42b3e9377966b96faaeeb3e0496f8b07dcc1b6a77cf28668a87569316
SHA1 hash:	e70e00f15e5f2daafcf44bd36f3cb6bac8bfed42
MD5 hash:	e49e182680c90df1bd7e93760d2e54e1
humanhash:	berlin-sweet-pennsylvania-diet
File name:	609dddc081545a876a1959062a460c12.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	297'984 bytes
First seen:	2020-04-02 01:30:10 UTC
Last seen:	2020-04-06 15:50:13 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:UMTLW7MjFXy+4FYrUnEttwYmj0kdYTDkb4oOTV:vScrUVHHWboOTV
Threatray	10'640 similar samples on MalwareBazaar
TLSH	AF54196D2B48B902F73D593389D17660A2F194834E22CB4F7EC41EFD7E527C9284A3A5
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1Hf45uQ2n1FCipxn06GGAPTjupsLLQyOU

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-04-02 01:35:20 UTC

File Type:

PE (.Net Exe)

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

32e7be2844e7be1f6ae7d262eeebe64926946ebbc8e2d91ce3760b8e1d10285c

AgentTesla

40f62edaaf245e669c4c4de028657d8762862124d810e9f71184e0dc5ca23df2

AgentTesla

52d7bfc971d3f5909eed410680570736d02dc79f93b42e1627a78597205ef862

AgentTesla

5e90b08b7efbc0e845c590ae49ba28df3e5312a485a80ea69b9f8145106b12b6

AgentTesla

6b24da236543d38133dc41cadcf3dea51bc290479b3d669031a2c8668a620648

AgentTesla

d9f4c10febc99ea723d7f3f13d92be6bd54fc18eab233e5b28c5bcff0f3c1e1e

AgentTesla

e4e6fb45f7549a8886e727d6e744a46feaa43c5970949854d82e780805e46ba1

AgentTesla

fdcdf089f15ba0a610e2d6f0c758fffb27835bec9884126f1054764112eb1dc1

AgentTesla

fe6515e661c3c83f45ab0727c45909344f41d8ad37123bcc35af0232378d60b8

AgentTesla

+ 10'630 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

exe 0af4f2da56ea21575a114dc8d848beeedbd79d4ad75f39f6f50e20fcac62cca1

AgentTesla

exe ca416554a0bbfe4b62c386e95499c317bb75cf45c63b485f12517e5ac7640afd

(this sample)

Dropped by

MD5 609dddc081545a876a1959062a460c12

Dropped by

MD5 252449eaeb6f1e7835fa366b804a6420

Dropped by

GuLoader

Dropped by

SHA256 0af4f2da56ea21575a114dc8d848beeedbd79d4ad75f39f6f50e20fcac62cca1

Dropped by

SHA256 dafa6ff39771e102e50022baf7162a5d502e2434d1ae973904173a243d68bbbf

URLhaus

https://urlhaus.abuse.ch/url/333838/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample