MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0f1cd67f7dc539f3bb1b8c454982131f418dc4d5cdb06215d4e2aaf8335e90c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	e0f1cd67f7dc539f3bb1b8c454982131f418dc4d5cdb06215d4e2aaf8335e90c
SHA3-384 hash:	c06e1c866472b94948eef3b2bc63b8ed0f90ff36bfc999eee20c65ef1e0551a3f40a9432bcc305cb080d4b07bf9a8708
SHA1 hash:	5ff27c8d335735818c8d5145372f99fe954edf84
MD5 hash:	1f9a80d79f66245194e7119b8b2dc876
humanhash:	helium-colorado-texas-sierra
File name:	8e54023d1f671d04f0547d02dd4e9bb0.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	300'032 bytes
First seen:	2020-03-30 14:30:10 UTC
Last seen:	2020-04-05 22:25:09 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:oBu3UmRFaR+POS48lkbN4m1YDaMFyvh0eBacedH4b7oOT7:oBu3UmRFaRqohQaCyvHuQoOT7
Threatray	10'554 similar samples on MalwareBazaar
TLSH	2654297C2B88BA02F63D593389E1666052F194834D12CB4F2EC51FFD7F667CA284A395
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=12V6y47X25vGUobGdh3MhP792mjzbqlfV

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-03-30 14:35:32 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

28 of 31 (90.32%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=4dy42z7x3rjz6o5rxdcfjgbbgh2brxcnltnqmik5jyvk7azv5ega._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

2ac0c34c2f1ac910d5147ba24aeae1d279252a16f195aafc997215b4491b52f0

AgentTesla

430e12161cd33ef55da30dd43639bd7924009a568d7ad67513d0051f63ae26c8

AgentTesla

7c115cf42d017611699793d39f8e25ffb06f8ab6508ccf562b5ffd1b7fdb3779

AgentTesla

976174c0ffcfd0cdeea0a9dd962b995142d15a1cc831a42c68e7b3f928bd7c3a

AgentTesla

9805ed0ee686e0a163a974f023f944cfbd7a64009186501bfcc28ea235078ce1

AgentTesla

c823d50b276192b513011547b0be2bbb66bed47f06e111f03858e3a9d72f0d6b

AgentTesla

e9c66deea17bd72dd008c96d6ef671faa5ee2319f541100557093cff0bdc0dc7

AgentTesla

ea39c891ee5af5b1c5d76cb6cfb76cd18e160160fd1a5fe34deec0d240ec7a87

AgentTesla

fa52701034f5b40937afd001f26baf9a19b21cf44c5eb6f35f3b8afb41865efe

AgentTesla

+ 10'544 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

bfe84c38ed16e0f6874ae8e9e05501841d5a368f4b108c0808cd68fb2a998163

AgentTesla

exe e0f1cd67f7dc539f3bb1b8c454982131f418dc4d5cdb06215d4e2aaf8335e90c

(this sample)

Dropped by

MD5 8e54023d1f671d04f0547d02dd4e9bb0

Dropped by

MD5 02783ab9239bf219acfe484bf2a7d17a

Dropped by

GuLoader

Dropped by

SHA256 bfe84c38ed16e0f6874ae8e9e05501841d5a368f4b108c0808cd68fb2a998163

Dropped by

SHA256 6306e1991428ed28ac05a9ce9b5fedf47197913135dd3983f9c63494d5b540d5

URLhaus

https://urlhaus.abuse.ch/url/332240/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample