MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 077f75ef7fdb1663e70c33e20d8d7c4383fa13fd95517fab8023fce526bf3a25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 077f75ef7fdb1663e70c33e20d8d7c4383fa13fd95517fab8023fce526bf3a25
SHA3-384 hash: 58344f501a035206c76ef82a8ec0d7c026b74db2f3677f6cdfe871acdea6c4f701b9148e3bc38dc0701cfc9f79ed73ef
SHA1 hash: d749434ac01d570d8819c606831ec85b6a9efa7c
MD5 hash: 0de6e159ddf9e72594a9724acabfeb8b
humanhash: diet-maryland-may-eighteen
File name:pov.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:297'472 bytes
First seen:2020-03-31 04:39:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:DlQMv/irXIJ0wkj6FTB0TZqsB2YTkYbJoWTV:DNv/irYJo6MTZjVoWTV
Threatray 10'532 similar samples on MalwareBazaar
TLSH E354297C6B88B902E73D5D3689D1666012F2D4834E12CB0F6EC41FEC7F5A7CA294A395
Reporter JoulK
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 11:42:45 UTC
File Type:
PE (.Net Exe)
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a57xl3373mlghzymgpra3dl4iob7ue75svix7k4aep6okjv7hisq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1cc7973c22779e8815be094a5a9e47bb6b82b518071ead8ab9e4dff8848cd2b0
AgentTesla
61718d09d668491bf0ff58dfab3df987eb86008c6c79e4558dadda099ab68678
AgentTesla
71a70df5c7c67027b1dbb0f8681d0d2777aae7e86e1cbf6a6373b1b379b55a89
AgentTesla
7d8d00b43a36eab27afc82ec163ecf4b802f38c387fdda2274e1e17eb29fc83c
AgentTesla
86db284f34e0fbb2dce364102798bc1b62602aae606b2a6f772f2b79a39da3ba
AgentTesla
9d7bcb3e5e8b056065387eef6d1a9267965ed0b013ef8fb8140b4127cd8f16e8
AgentTesla
af090158e0913e0202e9e61d41dd891e697e1b2bfa59cdda2c81da1067ac5e79
AgentTesla
b72906cf963bcf4115a7d436a4768e76597524faf4a12f60fa42c2d59346b7bb
AgentTesla
d6b47a7728293728613b03f3e615897081f6f2b09efafa9b798bb3b9dcd0f283
AgentTesla
fdf1b1e0b2fe652c830aef407b71b779bd753f74addef636944c0224c12dacf4
AgentTesla
+ 10'522 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 077f75ef7fdb1663e70c33e20d8d7c4383fa13fd95517fab8023fce526bf3a25

(this sample)

anyrun
any.run
https://app.any.run/tasks/9a08f07d-745e-4c5c-a0c4-ca5802381f8c
  
Dropping
AgentTesla
  
URLhaus
https://urlhaus.abuse.ch/url/332110/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments