MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 022464e0212ba39ca309b3a853a7fd5cfcb39a2b69799ade0289deefdec74709. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	022464e0212ba39ca309b3a853a7fd5cfcb39a2b69799ade0289deefdec74709
SHA3-384 hash:	765d00a86466c4067fbfeb8335b0a1d9725a6067d5bbc82614055face67940f8f606d96168abf9222d3d289ada555c3d
SHA1 hash:	9cf526b654ac5f013b75d2ff2fc3177681ca345b
MD5 hash:	1df32cfbd8a74d2e93d43c871fd5e51d
humanhash:	nebraska-two-oxygen-victor
File name:	9683bf93bdc4fcb8454af0ffc7ed0dc7.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	297'472 bytes
First seen:	2020-03-26 15:45:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'743 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	6144:kRm+oOkF8yrreGOIc45fn7bpjaMQVX30RhE633Ch1MXrbYoKTV:FOryrreKc4JpY3IhT3KPoKTV
Threatray	10'428 similar samples on MalwareBazaar
TLSH	56543B7C2B49B902F73D5D3289D1666012F2D4874D22CB0F6EC45EED7F52BC9298A386
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1XG9a1rAJRWjbBc1-r09rsAAHr5qPf-xK

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-03-26 16:36:37 UTC

File Type:

PE (.Net Exe)

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=aisgjybbforzziyjwoufhj75lt6lhgrlnf4zvxqcrhpo7xwhi4eq._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

20a94eccb531b9e7db7c2f15b4b02661781688b26407d8cad53ed9c3e1b16f88

AgentTesla

47eb4409fb5abc4ddcdf8efff5bdf200ee57ebab347601d08c1853c41d88ebcc

AgentTesla

89a919f3a26f82f9833fe98b28bf824e788d534d35073c491e0cb7efe05a36dc

AgentTesla

8a5f9b060b9ea5ff21a5b1654836935d779ea8868d8f6d49bff50074ddfcf8dd

AgentTesla

8f9706ae3291a23f41bcdc0b9248389d39480087c2394cc249d45f30619441c6

AgentTesla

95708fbe180a43fbef0014d207456fd8812cb202d77e1078c466ca474e38c7a8

AgentTesla

b36dc13aeea5e74853a0bccb69f122d3476fafbf5639b8b80d21bab83ca0e781

AgentTesla

bf226819f73da9e080a83d692905eb049f0e75ea6682e2484607f23a4401ced1

AgentTesla

d91349a250737beb2a850a17934110dc7e474d395628252980ada6c3a6906d1d

AgentTesla

+ 10'418 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

exe 732c9c7757dbdf97e70c6596800795a74c53315704e95a97461e5c2a28d97e3d

AgentTesla

exe 022464e0212ba39ca309b3a853a7fd5cfcb39a2b69799ade0289deefdec74709

(this sample)

Dropped by

MD5 9683bf93bdc4fcb8454af0ffc7ed0dc7

Dropped by

MD5 d5fa9b4642ffcbf75fd78066700932fd

Dropped by

GuLoader

Dropped by

SHA256 732c9c7757dbdf97e70c6596800795a74c53315704e95a97461e5c2a28d97e3d

Dropped by

SHA256 8450498d10664a58e15c45aef629a41946f7bc6a19a6084a2d7508e40afc0cbe

URLhaus

https://urlhaus.abuse.ch/url/328910/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample