MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6b47a7728293728613b03f3e615897081f6f2b09efafa9b798bb3b9dcd0f283. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d6b47a7728293728613b03f3e615897081f6f2b09efafa9b798bb3b9dcd0f283
SHA3-384 hash: 9b25ac92fdedae19add1f66813e172c9f482f2e6225b6a44ecaf5b5a510a31c5542bcb96d489314252308341efb00962
SHA1 hash: fa025b1c1083ff3320aa2ab8dd5b93be7d6466f1
MD5 hash: c4c55ee713c4ebd51b4b9f8834cd1f1b
humanhash: kilo-nuts-december-maryland
File name:c6d0a8b1e2a3ac05e49691fa76795149.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:298'496 bytes
First seen:2020-03-31 19:25:11 UTC
Last seen:2020-04-09 18:10:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:Eyr6v0BcTOUYwWbbb1lpLcjKBMJdYTaKbroyTV:jr6c6Os+5lzhoyTV
Threatray 10'679 similar samples on MalwareBazaar
TLSH 1A54296D2B88B902FB3D593389D126A052F1D4834D22DB0F6EC41FFD7E567C9284A395
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1lqfVeJT5vod-2MD2eNA1CjclhHKQWD2P

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 19:35:32 UTC
File Type:
PE (.Net Exe)
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=222hu5zife3sqyj3apz6mfmjoca7n4vqt35pvg3zroz3txgq6kbq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
077f75ef7fdb1663e70c33e20d8d7c4383fa13fd95517fab8023fce526bf3a25
AgentTesla
147408894fd77da6a8669e752089f4cc98286b9399b177b07fa8922d20a47874
AgentTesla
1adbb491704dbef231e8c467ba7e74894c3ee818461ab28292ec32e3f9b74b5d
AgentTesla
1c52fdf3b0e990fcb41ea7b549f42b96be5d5ad6222f47384c2d1569c9469e1d
AgentTesla
24245c3e1af247d82a4afe11c35679ca51f6b815bfc17c4c79768ce8a2d7fef7
AgentTesla
3b7b6ebc0ef2b50756af716c538e13e8a9dc767a635de4ce53190441605185c6
AgentTesla
4e892591da59a34dbe9f193aee50de68ada3b074011a28f14323539147c554a6
AgentTesla
78786a5ff2dbc771a4d1798bfbf2ebc0477b9db30af86b19ee17c8f17fef709e
AgentTesla
9d7bcb3e5e8b056065387eef6d1a9267965ed0b013ef8fb8140b4127cd8f16e8
AgentTesla
b67f72eb980e1ef037646a9fe6fa3104bc765a2e24765ace27ae2e5ed686b6b5
AgentTesla
+ 10'669 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

c36e205a6e8483422357a2829ed215097a81b02ad343a201a5419d9fe82ae0ac

AgentTesla

Executable exe d6b47a7728293728613b03f3e615897081f6f2b09efafa9b798bb3b9dcd0f283

(this sample)

  
Dropped by
MD5 c6d0a8b1e2a3ac05e49691fa76795149
  
Dropped by
MD5 c10b53d0cc625053a4c6e7024789af3f
  
Dropped by
GuLoader
  
Dropped by
SHA256 c36e205a6e8483422357a2829ed215097a81b02ad343a201a5419d9fe82ae0ac
  
Dropped by
SHA256 d859715adda7f85e5a931f6cfdf28e0d132424226ac1bd859e6cad60b0175b7d
  
URLhaus
https://urlhaus.abuse.ch/url/332844/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments