MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 078c67a8252dfe41570becacfff128cfe41892cadf334f7cc54bf590be251f99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla
Vendor detections: 4


SHA256 hash: 078c67a8252dfe41570becacfff128cfe41892cadf334f7cc54bf590be251f99
SHA3-384 hash: 2cdf8e10b5ed55b1d5aab88e1df814267c52329b4f657eafa3b84777c1db3b1d126e4cf4c952bc1cb4bf96e3d0f6beab
SHA1 hash: aa2d5ea37ec77b7729bbc3dc846cb08ec7f823be
MD5 hash: 7104c51b30575a5982e06c532aded25b
humanhash: whiskey-william-lithium-winner
File name: Payment Copy_pdf.scr (a .scr screensaver is an ordinary PE executable; the "_pdf" in the name is a lure to make the attachment look like a document)
Signature: AgentTesla
File size: 780'288 bytes
First seen: 2020-04-07 11:49:45 UTC
Last seen: 2020-04-07 12:32:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger). The vendor entry below identifies the file as a .NET executable; .NET PEs import only mscoree!_CorExeMain natively and therefore all share one imphash, which is why this value is spread across tens of thousands of samples from unrelated families and is not a useful pivot for this sample.
ssdeep: 12288:JL100mNh/1UFagXmo4Ri8FqbvN12HAKuj/3kOWD2:fFaymPRi8FyN1OAKs/yD
Threatray: 22 similar samples on MalwareBazaar
TLSH: CCF4CEC4EE87E909C16812F4D98ED20CC224EF096B96DE522B49F359257321DCCED6F6
Reporter: cocaman
Tags: AgentTesla scr

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-07 12:35:58 UTC
File Type: PE (.Net Exe)
Extracted files: 20
AV detection: 25 of 31 (80.65%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
  Executable exe 078c67a8252dfe41570becacfff128cfe41892cadf334f7cc54bf590be251f99 (this sample)
Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
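The two BLint findings and the hash block at the top of this entry can both be reproduced on a downloaded copy of the sample without any third-party tooling. The Python below is an added example, not code from BLint or MalwareBazaar: it recomputes the MD5, SHA1, SHA256 and SHA3-384 digests listed above and reads DllCharacteristics plus the Security (index 4) and CLR (index 14) data directories straight from the PE optional header. An empty Security directory is what "Missing Authenticode" means, and a clear 0x0020 bit is what "Missing ... HIGH_ENTROPY_VA" means. Two caveats a practitioner should keep in mind: HIGH_ENTROPY_VA only takes effect on 64-bit (PE32+) images and this entry does not say which format the sample is, so the helper reports the magic; and a non-empty Security directory only proves a signature blob is present, not that it is valid. The function names, the command-line path and the constructed header-only PE32 used for offline testing are this example's own assumptions.

```python
"""Added triage helper (example code, not BLint's or MalwareBazaar's): recompute the
published hashes of a downloaded sample and derive the two BLint findings from the PE
optional header.  Assumes the sample was unpacked from the MalwareBazaar zip; the path
is taken from the command line."""
import hashlib
import struct
import sys

# Digests copied from the database entry above.
EXPECTED_HASHES = {
    "md5": "7104c51b30575a5982e06c532aded25b",
    "sha1": "aa2d5ea37ec77b7729bbc3dc846cb08ec7f823be",
    "sha256": "078c67a8252dfe41570becacfff128cfe41892cadf334f7cc54bf590be251f99",
    "sha3_384": "2cdf8e10b5ed55b1d5aab88e1df814267c52329b4f657eafa3b84777c1db3b1d126e4cf4c952bc1cb4bf96e3d0f6beab",
}

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h) and IMAGE_DIRECTORY_ENTRY_* indices.
HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT = 0x0020, 0x0040, 0x0100
DIR_SECURITY = 4         # Authenticode certificate table (a file offset, not an RVA)
DIR_COM_DESCRIPTOR = 14  # CLR runtime header; non-zero means a .NET image


def digests(data: bytes) -> dict:
    """The four digests MalwareBazaar publishes for a sample."""
    return {name: getattr(hashlib, name)(data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha3_384")}


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Names of the digests in `expected` that the data does not reproduce."""
    actual = digests(data)
    return sorted(n for n, v in expected.items() if actual[n] != v.lower())


def pe_security_properties(data: bytes) -> dict:
    """Parse DllCharacteristics and the Security/CLR data directories of a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20  # skip the signature and the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories at +96
        n_dirs_off, dirs_off = 92, 96
    elif magic == 0x20B:  # PE32+: the 8-byte ImageBase/stack/heap fields shift them
        n_dirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    n_dirs = struct.unpack_from("<I", data, opt + n_dirs_off)[0]

    def directory(index):  # (VirtualAddress, Size), or empty if the table is shorter
        if index >= n_dirs:
            return 0, 0
        return struct.unpack_from("<II", data, opt + dirs_off + 8 * index)

    sec_off, sec_size = directory(DIR_SECURITY)
    clr_rva, clr_size = directory(DIR_COM_DESCRIPTOR)
    return {
        "pe32plus": magic == 0x20B,
        "dll_characteristics": dll_chars,
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "nx_compat": bool(dll_chars & NX_COMPAT),
        "has_authenticode": bool(sec_off and sec_size),
        "is_dotnet": bool(clr_rva and clr_size),
    }


def blint_style_findings(props: dict) -> list:
    """Map the header facts onto the two finding IDs BLint reported for this sample."""
    findings = []
    if not props["has_authenticode"]:
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if not props["high_entropy_va"]:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (HIGH_ENTROPY_VA)", "high"))
    return findings


def build_test_pe32(dll_characteristics: int, signed: bool, dotnet: bool) -> bytes:
    """Constructed header-only PE32 image for offline testing; not a real sample."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 224-byte opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, 0x400, 0x1000)
    if dotnet:
        struct.pack_into("<II", opt, 96 + 8 * DIR_COM_DESCRIPTOR, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read()
    print("hash mismatches:", hash_mismatches(blob, EXPECTED_HASHES) or "none")
    props = pe_security_properties(blob)
    print("PE32+" if props["pe32plus"] else "PE32",
          f"DllCharacteristics={props['dll_characteristics']:#06x}",
          ".NET" if props["is_dotnet"] else "native")
    for finding in blint_style_findings(props):
        print("\t".join(finding))
```

Run it as `python triage.py Payment\ Copy_pdf.scr` after unpacking the download; an empty mismatch list confirms you have the file this entry describes, and the two printed findings should match the BLint table. For a .NET image the CLR directory will be populated; DYNAMIC_BASE and NX_COMPAT are reported alongside HIGH_ENTROPY_VA because the CLR loader honours them on 32-bit builds where HIGH_ENTROPY_VA has no effect.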
