MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da9862ee8464b05323624e0c7bda7d8bad57f7f2239fd4c2355d5f2b2aafbe68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da9862ee8464b05323624e0c7bda7d8bad57f7f2239fd4c2355d5f2b2aafbe68
SHA3-384 hash: 549c234b6e89a2cd5376dade76e3e9f7e0974829204c1454b8cd01ff2c2a1f2b7c0fd2e5157c316520020affc08252cb
SHA1 hash: 3fafa7fa8fe403356531784466994ce25fa690a3
MD5 hash: 9ab76c2cab4d7203dd5ca57dc788f026
humanhash: sodium-glucose-golf-freddie
File name:CONTRACT0091.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:864'714 bytes
First seen:2020-04-30 11:04:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ef6a8a8a819568806ed8cfc5418a27c1 (2 x AgentTesla)
ssdeep 12288:zU8nj3y0iM7Sq8/q8Oq8+q8Lq8VBrj63E10n4WvGOnEBBXb6Q7Xfm4JW/dvVx7:5piM7B8y8V8l8G8bd104WNE2Q7PpJW1
Threatray 11'271 similar samples on MalwareBazaar
TLSH CD057D537E5C19A1C99810F253DEBA0F20EA3C2F01FC6716671AEFB9AD6604770B162D
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.39392.25344.18858.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 11:45:00 UTC
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3kmgf3uemsyfgi3cjyghxwt5rowvp57seop5jqrvlvpswkvpxzua._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
110fa520e5db8df04353392a845e64808d2ce2a95de989bc44e2d66abadc1497
AgentTesla
135f30b64eb7d5c4c68f36be07133b9f7134e8f3cef3d91569dd20b38b4d5d79
AgentTesla
25f0420d3551985569fb57497301c7d2f691083d7318d28db5bab2e8a6a0bb85
AgentTesla
33e6e7a8f9bd94fa61311b96d6d87c77acae7ab7c42ef47e03be3a14ff7d492c
AgentTesla
6df8ea96addb668a51442b4b3287c1294f0e834333c068f3853cb95016dceaeb
AgentTesla
6ebad8c7efc95c2c8d71e1ed6214415d6cede21907c879add7d646589a3d5b23
AgentTesla
70bdde448d83d5fabecafc0b3706fe1b732b64ee09d6d34886415688acf459d3
AgentTesla
77985fca7ae6b60c8025ba326e3bd1d9949c3fb32b9ca0f99f040be633823a7c
AgentTesla
db5f388785aeec055189f9c7ee6ce371f399c1a67fe41a653308fcd47d86f90e
AgentTesla
e0af0be6801a112bc8cf51fc9d1bbef16a56c4d1d9d6c68f15557a21a3e54351
AgentTesla
+ 11'261 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaExitProc
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen
MSVBVM60.DLL::__vbaLateMemCallLd

Comments