MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4efb498ca0db100d4035ed13792789fe96ec158561fe3348149202e57e64658. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e4efb498ca0db100d4035ed13792789fe96ec158561fe3348149202e57e64658
SHA3-384 hash: 70b85bfbbc7272465fe9c2cdf5a252599e332cd7e72cb0f1b154b81caa5140a64d14584ee64601e5988f9a8c1c6b8e3c
SHA1 hash: 5874f1f541e2706e5b220af21b3b1775e726aa8f
MD5 hash: b7ff448daea51844ea443ff015ff4c7a
humanhash: fruit-bravo-magnesium-jersey
File name:NEW ORDER RFQ 2020269AS.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:450'560 bytes
First seen:2020-04-08 10:06:56 UTC
Last seen:2020-04-08 22:29:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:33wTVLLzyEDRa4H2FGWT0kxXuihVQJqJNjN:HyLLbo4/NRSV2QNJ
Threatray 81 similar samples on MalwareBazaar
TLSH 26A4E1007B7ABB62E63987F6052552560FB136AF76ACF3180CC7A1EE1475F5049C2E2B
Reporter c_APT_ure
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
5
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.34118.26461.4180.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 06:38:02 UTC
File Type:
PE (.Net Exe)
Extracted files:
21
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4tx3jggkbwyqbvadl3itpetyt7uw5qkykyp6gnebjeqc4v7gizma._file
Verdict:
unknown
Similar samples:
06920e2879d54a91e805845643e6f8439af5520a3295410986146156ba5fdf3c
AgentTesla
2b81a2cc0451fca4a1b221817b24e0b15e982d4d55e2c0a444056002d2bd83c6
AgentTesla
75bdc371b036b0305280360996f8b060f89b1aa6e840f0fd96afd2bfba151104
AgentTesla
85af9324bcb91feff48269715b19581ad8ec3ea6476644fd8676b2391bff63c1
AgentTesla
8fe5bec9866c6834c9073e34a18919f4590d20bedf92e6ee3775931d3aa6dc1e
AgentTesla
9c127e6452920ba3691a6def9002058e51ef1897413e453c044fb47b75f3552f
AgentTesla
a2846e83e92b197f8661853f93bb48ccda9bf016c853f9c2eb7017b9f593a7f8
AgentTesla
eaf438c55827cdc66854335ddd88907d8cfc389a4ddf02f8bfda152e5b1766a5
AgentTesla
edc66f02786cde09a0f5a3481ff8286b94477537373b7edd71b4670542a98f1b
AgentTesla
fc2726e2dfd571543def4f0a6398039251f97bf7a317d035c4c21846cd99bd6b
AgentTesla
+ 71 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe e4efb498ca0db100d4035ed13792789fe96ec158561fe3348149202e57e64658

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments