MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e33fd03e66a31d3725c9028e7ccf5c9118dbdecef0966df6610da20cda1abf19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e33fd03e66a31d3725c9028e7ccf5c9118dbdecef0966df6610da20cda1abf19
SHA3-384 hash: f1c5bffdb5462d5aba8c062505ec12d56540975794ee196602aa1f2ebea43e14adcd05b0a2c2e46f1b6760b859762fef
SHA1 hash: 940a14d668281622675fb1265fc6bc1a510c4cdd
MD5 hash: 88dabc51fd8dd4b2e10fa39251032c9b
humanhash: texas-california-cup-one
File name:e33fd03e66a31d3725c9028e7ccf5c9118dbdecef0966df6610da20cda1abf19
Download: download sample
Signature AgentTesla
Create hunting rule
File size:297'472 bytes
First seen:2020-03-24 07:38:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:MhAZTKigEmYmmTvm+oI6OfQI+fSacp6EQRUbIoOT7:lZTyOEfSxpYoOT7
Threatray 10'417 similar samples on MalwareBazaar
TLSH 46542A7D2B88B902F73D4D3289D1566022F194835E22CB0F6EC81FED7E5A7C9294A395
Reporter Marco_Ramilli
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-03-03 10:34:53 UTC
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4m75aptgumotojojakhhzt24semnxxwo6clg35tbbwrazwq2x4mq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0cf4378a60635fbed046a2afa593ac87c02b814cb0f2760fcf475d2abedfb12a
AgentTesla
127f5753ef588c1efed531cc35487a3ce68ed381f4da31aacafee7ccee38328b
AgentTesla
2a2776c178e2280e074980d4d710bd2e0584d2cdffdd105ecbb016fb7b47e1a9
AgentTesla
67280c8037e45ad089dd27b8c21fb346a03f49a2026a1c2c4eeef8d86cc00e9d
AgentTesla
7cf059a1d51541e4a746e4f8f624152801c40489e612bb46abd6a4bab26f6851
AgentTesla
8501b62ef01d0a8ffacb3e1c7bd13129fca8a621d00f14d81a1227cf6872c5fe
AgentTesla
8cf4d562d03815786cbd7e0fb3c18e5f7e257a216cb833b7e949a2c189ea79b4
AgentTesla
a215c693d52db997e4a64d302f976d4bccac373250c5c29650fe199d86e6db62
AgentTesla
cb87b162931d90a491b6f8a62c7e4f948f4940f7e7eb6547816a4965ae8a0ec5
AgentTesla
efad28e77822049d1d0c699c9b8531df0d053f57a332b7f7b1618e82e9f7484e
AgentTesla
+ 10'407 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe e33fd03e66a31d3725c9028e7ccf5c9118dbdecef0966df6610da20cda1abf19

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/321760/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments