MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd4b4799079cdd970eec3884bef4771624a55297086041fd4e7fcefb1a86d08e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd4b4799079cdd970eec3884bef4771624a55297086041fd4e7fcefb1a86d08e
SHA3-384 hash: eb1ce8f4944cf01a755b7e0cd044b4a38c85204fc46289e598c6a08d26f8e426a0f1ef209b74a926ab561cbc0e558ebd
SHA1 hash: 49674c5be88067daa5da5655bc13e2018a4252c8
MD5 hash: 6d5ed323ef55f7bd34bc193ddc8afe74
humanhash: river-lake-mockingbird-single
File name:COVID-19 Supplier Notice.jpg.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'909'248 bytes
First seen:2020-04-15 07:07:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3d95adbf13bbe79dc24dccb401c12091 (881 x AgentTesla, 737 x FormBook, 236 x SnakeKeylogger)
ssdeep 49152:nVg5tQ7aB/P4ltkbRQXKawELpEpIQkvr4rMgZo1Gpw5:Vg56WOt9XKawELpskvsYgWI
Threatray 10'922 similar samples on MalwareBazaar
TLSH 7995F12373DE8361C7B25273BA567B01AE7F7C2606B5F85B2FD4093CA960121521EA73
Reporter Racco42
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-17 14:53:00 UTC
File Type:
PE (Exe)
Extracted files:
20
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7vfupgihttozodxmhccl55dxcyskkuuxbbqed7kop7hpwgug2cha._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0b65d9e11e4f234aadd99ac25f0dcd8a57063cc3f8e2e98abb7e1efa1f9ac392
AgentTesla
37031fea4874b1ddcde5368e30c91c03b1f63c476fe1efd425a3fbc1f82f69e4
AgentTesla
4866525533264a3c6a8ff2492e5090f90e0985cb3217a329b25607864ad97683
AgentTesla
6842cd8b476e667a67288d2fbdd42c862ff440ad495dcedef493bc132e8ddd14
AgentTesla
6d58c8e531d65f5713f19a8caf7b6ac0f4ce25adf29a3b96aeee7de4045f409a
AgentTesla
6f297e7cd13f8c61812d94c95a79e704f16317c5ea23dc9bd475c57c2f87a303
AgentTesla
8fdc81efa6fd138b9f7dd2e95e957c5ffd1e1d31ed2d588b531433f4915f8ed2
AgentTesla
bc54652c9d21400491931b5276d788d60857f782af994de788d7506913fcf0ee
AgentTesla
c26f61c5749819705b74917da7ca941ea2db910d7af110d15d0a51455abe5497
AgentTesla
cc06bf1d6c719190c679bfff66818b8b1bb3e432c60bb52794fff9a17db22f83
AgentTesla
+ 10'912 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe fd4b4799079cdd970eec3884bef4771624a55297086041fd4e7fcefb1a86d08e

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::AllocateAndInitializeSid
ADVAPI32.dll::CopySid
ADVAPI32.dll::FreeSid
ADVAPI32.dll::GetLengthSid
ADVAPI32.dll::GetTokenInformation
ADVAPI32.dll::GetAce
COM_BASE_APICan Download & Execute componentsole32.dll::CLSIDFromProgID
ole32.dll::CoCreateInstance
ole32.dll::CoCreateInstanceEx
ole32.dll::CoInitializeSecurity
ole32.dll::CreateStreamOnHGlobal
MULTIMEDIA_APICan Play MultimediaWINMM.dll::mciSendStringW
WINMM.dll::timeGetTime
WINMM.dll::waveOutSetVolume
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AddAce
ADVAPI32.dll::AdjustTokenPrivileges
ADVAPI32.dll::CheckTokenMembership
ADVAPI32.dll::DuplicateTokenEx
ADVAPI32.dll::GetAclInformation
ADVAPI32.dll::GetSecurityDescriptorDacl
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteExW
SHELL32.dll::ShellExecuteW
SHELL32.dll::SHFileOperationW
WIN32_PROCESS_APICan Create Process and ThreadsADVAPI32.dll::CreateProcessAsUserW
KERNEL32.dll::CreateProcessW
ADVAPI32.dll::CreateProcessWithLogonW
KERNEL32.dll::OpenProcess
ADVAPI32.dll::OpenProcessToken
ADVAPI32.dll::OpenThreadToken
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::SetSystemPowerState
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetDriveTypeW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateHardLinkW
IPHLPAPI.DLL::IcmpCreateFile
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameW
ADVAPI32.dll::GetUserNameW
ADVAPI32.dll::LogonUserW
ADVAPI32.dll::LookupPrivilegeValueW
WIN_NETWORK_APISupports Windows NetworkingMPR.dll::WNetAddConnection2W
MPR.dll::WNetUseConnectionW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegConnectRegistryW
ADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::BlockInput
USER32.dll::CloseDesktop
USER32.dll::CreateMenu
USER32.dll::EmptyClipboard
USER32.dll::FindWindowExW
USER32.dll::FindWindowW

Comments