MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9f31397ba8280e1f9b561cbead3a1d3c96eb95b42b492274b3d5804cc84d9b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9f31397ba8280e1f9b561cbead3a1d3c96eb95b42b492274b3d5804cc84d9b0
SHA3-384 hash: 270bfb911a327949fcb23252040056709b3bb78f8221f1529b78a5d858c1d4a3b90dccd49d694dd7cbc089c7f07fc181
SHA1 hash: c5caddbe9a2b48ebd71303776764f6c44e259103
MD5 hash: 34e762f33fb08a38e25da86c763ff16f
humanhash: sweet-pasta-apart-asparagus
File name:f9f31397ba8280e1f9b561cbead3a1d3c96eb95b42b492274b3d5804cc84d9b0
Download: download sample
Signature AgentTesla
Create hunting rule
File size:297'984 bytes
First seen:2020-03-23 18:55:22 UTC
Last seen:2020-03-24 07:37:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:zx6UmidQAbe1hJeW45NGxJPP9h1zkDMsv2fnNibBVoyTf:zx6U/Je1GbGN6D1vtoyTf
Threatray 10'361 similar samples on MalwareBazaar
TLSH C3542A6C2B88BA02F73D1D3249E1666022F1D5834D12CB0F6EC55FED7F5A7CA681A385
Reporter Marco_Ramilli
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-11 08:39:02 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7hzrhf52qkaod6nvmhf6vu5b2pew5ok3ik2jej2lhvmajtee3gya._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0b65d9e11e4f234aadd99ac25f0dcd8a57063cc3f8e2e98abb7e1efa1f9ac392
AgentTesla
4b8b49bdfa435d0faba2e3964b04e20bbfc86aa4ffc3c3b8e1449894892f125b
AgentTesla
6d58c8e531d65f5713f19a8caf7b6ac0f4ce25adf29a3b96aeee7de4045f409a
AgentTesla
8e26ebee195d4120b62cece46d79a74989b899f3c7bda83a14c5f273cd3f098b
AgentTesla
b72906cf963bcf4115a7d436a4768e76597524faf4a12f60fa42c2d59346b7bb
AgentTesla
bf0608df4ec33356cccf0af528cb8272bae2d3e86fc46ef5b80da38c92e77176
AgentTesla
c0a0b1739cea0a7e3eef1f59c9e9c437891786345306fb841c4980a1d57002f6
AgentTesla
d5e06bd5b182c263e985c253a6074e4b538a96c1299f6e2f528d90bfcf15c5e8
AgentTesla
e0bf0691f22474df863042a5635b47492ff19ea813a19e377a04ee01e5e6b87c
AgentTesla
fdf438f4554b9b5184dad63af814f9acd88617df374a2e618294523f1cb7e350
AgentTesla
+ 10'351 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe f9f31397ba8280e1f9b561cbead3a1d3c96eb95b42b492274b3d5804cc84d9b0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/316960/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments