MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f70e14a49f9ddfaaf531f422e34abf77c5d856f9cfd6b7cb45609184e40f10bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f70e14a49f9ddfaaf531f422e34abf77c5d856f9cfd6b7cb45609184e40f10bb
SHA3-384 hash: 61f6bf892aa3cca856e72599493aab854d17b93eff035dd8e6093cc9c007677a8ac1fe403c2a8cfb7da22a3883bae37c
SHA1 hash: ecd31d48bab94d3a3e942aaafd55f610e1f21c98
MD5 hash: 5e68937f86ca22fac37b9fdb1d0c496a
humanhash: emma-kitten-sweet-kentucky
File name:product sample.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:442'880 bytes
First seen:2020-04-13 07:28:22 UTC
Last seen:2020-04-13 08:42:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:ecAQ83TP4PPmRH1QF2fjBjHB+kz6lVhCV21w32JV1M8wEBHot1ms6IRc/W7/qpt6:D/UTP4PYHO0JTzxIOuV1MEhwBRc/gw
Threatray 10'601 similar samples on MalwareBazaar
TLSH 1194BF283AEF501DF173EFB95BE875D6CA6EBB333606A41D2092034A4613A41ED9153F
Reporter cocaman
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EIJA.8765.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-13 07:35:28 UTC
File Type:
PE (.Net Exe)
Extracted files:
2
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=64hbjje7txp2v5jr6qrogsv7o7c5qvxzz7llps2fmciyjzapcc5q._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0c902be8109374df73afc935a576dc0160e537e1f9c7b7f9575797df6a772d26
AgentTesla
1f5f22781219094d138082decc3159a6874bbd606ed39c8bee9b64d104fd1c20
AgentTesla
7839460b77054cf1edfb515a1ce85dceb4e7d2478f3a3a5b17b145329c363fd7
AgentTesla
9945676abd2ff8ebfce9b168cc13197c42d27f2e3644361ebad0388427719aeb
AgentTesla
b8fa17693cfb727de11589fd50bfe87ca6b79f361e90301fe81ef9dd08e11e01
AgentTesla
c1efde1391240715573d8b65bca10e0ee302928440521ca1c138265fd6911e44
AgentTesla
d46a237de8dbad0163bd0ba95245251bc85d311f38753f2fc0adf8d436643f14
AgentTesla
d62d8662b27ebb8db5b439aaae7ae0d3fd86d83a458fdef6752dad9576038da5
AgentTesla
dba18c9e1704591fe1a96b251fdeb88e3b9d73acc49b2269dbb05f1ad065fa03
AgentTesla
f875b63a737551156a8c5be8e14ca8952f5867e02b9745dbbf833326fc5d5cd1
AgentTesla
+ 10'591 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 5bcb5df7d28d594a32d8d6ac4e0a6d6585a6e7f9564d4f799fdb34d45f74c2f8

AgentTesla

Executable exe f70e14a49f9ddfaaf531f422e34abf77c5d856f9cfd6b7cb45609184e40f10bb

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 5bcb5df7d28d594a32d8d6ac4e0a6d6585a6e7f9564d4f799fdb34d45f74c2f8
anyrun
any.run
https://app.any.run/tasks/a73a9bc2-4d68-4a7f-982b-c333c3ab3327

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments