MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04ae85cfa28c705da3cac256912d78bccebaeb98a9639b3d00f38921f4cf1410. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04ae85cfa28c705da3cac256912d78bccebaeb98a9639b3d00f38921f4cf1410
SHA3-384 hash: c4fb3e907d74812808f76a32beafa57ad49baec24f911992bd002269bb622a105dd6b70b0b3384c907c05023212967b7
SHA1 hash: 34d56d18cc537336bc8bb85738467edf864b4b84
MD5 hash: c416ec9a6852005cbd8a0929b7ed0d5a
humanhash: twenty-maryland-johnny-indigo
File name:SecuriteInfo.com.Mal.Generic-S.29375.31682
Download: download sample
Signature AgentTesla
Create hunting rule
File size:366'080 bytes
First seen:2020-05-01 20:36:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 6144:+I9z/28DinFpEnQDC6urG5rIqstd4qET3MpN1zaXcM4fs:/ARDCleZEdzd7z6H4
Threatray 24 similar samples on MalwareBazaar
TLSH 11740111A78CDA27C2EDB9B855F2A3841276CC6776A1F7CBACD932F54846F000A356C7
Reporter SecuriteInfoCom
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Generic-S.29375.31682.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 03:51:12 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=asxilt5crryf3i6kyjljcllyxthlv24yvfrzwpia6oesd5gpcqia._file
Verdict:
suspicious
Similar samples:
0784858faba61fdacdad3f9dce2a0803147be628aab9eeb2c8de0663010cd263
AgentTesla
27fe9d4d96f3a9d7061662925a21077a0a8652b0c5c1263c1f9d9558680686d8
AgentTesla
5969cc370c2929ff7126536d7305f923a2ed66427932ede1b6ef21a7918c9b53
AgentTesla
5d3c65ee71f5ed252540489c16fa247131265123b6315730c4ab00810c5cedae
AgentTesla
6a4efc4c1ee2d1d75fa9170ef7dcdbb146d27bc94a969734318abf4290d90152
AgentTesla
73a0eff4b25b824af4b6600db0f637f991b45b0945c9385fd6e7eca289b7e5ed
AgentTesla
84cd847f2f244fc4f45d9ea1615018fd478f601e455236b6c662aeb94064004a
AgentTesla
a32036a66a060f3592f621d1181683d2d07682815f43dbeffef771bb50776ee4
AgentTesla
d74d317525370d236775019f2ae386c688f7200500eead8553ef0d23116d75c0
AgentTesla
e7f1edbadee13fa42d4ad8b0030dc5f326c942b55a29f122a8651260d7cbceb8
AgentTesla
+ 14 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Agenttesla_type2
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Agenttesla in memory
Reference:internal research
Rule name:CAP_HookExKeylogger
Create hunting rule
Author:Brian C. Bell -- @biebsmalwareguy
Reference:https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 04ae85cfa28c705da3cac256912d78bccebaeb98a9639b3d00f38921f4cf1410

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/355700/
  
URLhaus
https://urlhaus.abuse.ch/url/355702/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments