MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d613a44287461721470462f057542daf34dc32d8e1d66cceb8837fc379c36c7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	d613a44287461721470462f057542daf34dc32d8e1d66cceb8837fc379c36c7c
SHA3-384 hash:	03f3facfe8d17801f07a3712831e39b09029b59163dea94b36bf2a4e71d84a72ca4f7e2515d7aa8d8cb43606bfc58519
SHA1 hash:	56eaee72a32f8c42418c97b3b8fa77982e8d24ae
MD5 hash:	7a5a1e67d10dedb2c5b96c723a226853
humanhash:	steak-friend-nebraska-crazy
File name:	feafd18a3a8b8b23811cd0183f22333c.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	299'008 bytes
First seen:	2020-03-30 02:30:12 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep	6144:BX4S/hYGXwT8+3TtwHHPb47eJ4/7uIkUUzNTq0dBS3RZeb2oCT7:BX4k1wT8mCH1uuGUx73qoCT7
Threatray	10'447 similar samples on MalwareBazaar
TLSH	66542B7D2F48B902FB3E1D3289D1666012F1D4875E22CB4F2EC45EED7E52BC9284A395
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1I1Co6FXo7vIBycQ7PP9k48QpZIE89XVQ

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-03-30 02:35:30 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=2yj2iquhiylscryemlyfovbnv42nymwy4hlgztvyqn74g6odnr6a._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

4b8b49bdfa435d0faba2e3964b04e20bbfc86aa4ffc3c3b8e1449894892f125b

AgentTesla

6d58c8e531d65f5713f19a8caf7b6ac0f4ce25adf29a3b96aeee7de4045f409a

AgentTesla

6f297e7cd13f8c61812d94c95a79e704f16317c5ea23dc9bd475c57c2f87a303

AgentTesla

8e26ebee195d4120b62cece46d79a74989b899f3c7bda83a14c5f273cd3f098b

AgentTesla

bf0608df4ec33356cccf0af528cb8272bae2d3e86fc46ef5b80da38c92e77176

AgentTesla

c0a0b1739cea0a7e3eef1f59c9e9c437891786345306fb841c4980a1d57002f6

AgentTesla

d5e06bd5b182c263e985c253a6074e4b538a96c1299f6e2f528d90bfcf15c5e8

AgentTesla

e0bf0691f22474df863042a5635b47492ff19ea813a19e377a04ee01e5e6b87c

AgentTesla

fdf438f4554b9b5184dad63af814f9acd88617df374a2e618294523f1cb7e350

AgentTesla

+ 10'437 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

f3b15d0a3e0f549cd946af21dfaeee6a5f6b56105e089ae8b89141ce5028cb49

AgentTesla

exe d613a44287461721470462f057542daf34dc32d8e1d66cceb8837fc379c36c7c

(this sample)

Dropped by

MD5 feafd18a3a8b8b23811cd0183f22333c

Dropped by

MD5 23bc664f41d1bda63b7bbcdc5681ad97

Dropped by

GuLoader

Dropped by

SHA256 f3b15d0a3e0f549cd946af21dfaeee6a5f6b56105e089ae8b89141ce5028cb49

Dropped by

SHA256 e0d58ca91896f0f7b6243f90054005cc159ce33a7a930cbbdc34b3374b3b9a45

URLhaus

https://urlhaus.abuse.ch/url/332087/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample