MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8fc1d1eb0d1c410871c40d42a0090f5123af39ab7f71176bda694db65bd48f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8fc1d1eb0d1c410871c40d42a0090f5123af39ab7f71176bda694db65bd48f4
SHA3-384 hash: 2b37660935ddf63f24a16ce83fd25dd24a5ff87e7ee25a06749ada484fdeaf6424ad14d20760a75ca10856932fa83be6
SHA1 hash: b799d0ad22bf3f1e7784b94fd3992e40e0344692
MD5 hash: 93caba0b0bd3c89a6fbffba26afdfbd7
humanhash: ohio-equal-iowa-december
File name:7a107500f9534d1d5d67f33a7870ce36.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:288'256 bytes
First seen:2020-03-26 15:40:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:llu8TzW5F6GkMAD+JduzAu8MVcD1WHEHbi:ljTzGF6zYMV
Threatray 10'468 similar samples on MalwareBazaar
TLSH 9B542A6CAB88B905F33D0D37D2D592A057B1E0C35A12C34F6EC44EFE6E527C9394929A
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1ai4-xtv18cSL_w-w98EqsSt19zcikNVv

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 16:37:11 UTC
File Type:
PE (.Net Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5d6b2hvq2hcbbby4idkcuaeq6ujdv442w73rc5v5u2knwzn5jd2a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
14dc3be5ce8ed2b8c0f9ec3a4e630c2dc9e613de58d8220e0b8d28fa51c6752e
AgentTesla
654218028f797e5c401cc31242000aaa138e3eb0f8a920b850dadc2b2bf8f807
AgentTesla
6c0b38fa49b1c1bfddfcd38e30dffba46647ab452b86e3842d477ac5c39c0ae9
AgentTesla
83457e2b8f9209ec1c987b1a0bee65140cc41d1d59ed38f1d1ad160ea0d1d13c
AgentTesla
9febcc1bd33e8d99991e5bc7fef902bf9cd8b19b01dc54a7a849dfeef17e0428
AgentTesla
b58e386928543a807cb5ad69daca31bf5140d8311768a518a824139edde0176f
AgentTesla
bf0608df4ec33356cccf0af528cb8272bae2d3e86fc46ef5b80da38c92e77176
AgentTesla
cfdbaad170a7847c77fedbe9535a37a6d1107259c8e80f2c7e04a6b2895e86e9
AgentTesla
e0bf0691f22474df863042a5635b47492ff19ea813a19e377a04ee01e5e6b87c
AgentTesla
eb18282566acfa61046f56dd07ef72397528a06b8765c6b033d5153bf9bee0eb
AgentTesla
+ 10'458 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

a31205daa7b35bb8c1679ea7c0c524070c4b6d54d2c4220cc72c30aadb3d831b

AgentTesla

Executable exe e8fc1d1eb0d1c410871c40d42a0090f5123af39ab7f71176bda694db65bd48f4

(this sample)

  
Dropped by
MD5 7a107500f9534d1d5d67f33a7870ce36
  
Dropped by
MD5 6a37c0f8fb96cff10e95a37312f22c87
  
Dropped by
GuLoader
  
Dropped by
SHA256 a31205daa7b35bb8c1679ea7c0c524070c4b6d54d2c4220cc72c30aadb3d831b
  
Dropped by
SHA256 fe67d5a078fc6a4107eded8cec33e353a8ea5df06b7f5c19c3704c53eb4621f0
  
URLhaus
https://urlhaus.abuse.ch/url/326935/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments