MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b40807dfedf1f90c902cd919c7bf04cd89896498b80de9c5b0ac02e2b3e6599. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	0b40807dfedf1f90c902cd919c7bf04cd89896498b80de9c5b0ac02e2b3e6599
SHA3-384 hash:	20aff42575d1395b41349f22485ac45478f525feb3912253a2566fbe2b30c10de9a8dc453e23a88c8e8945a19bccac8a
SHA1 hash:	b85f4405a75706c4ad866883657737f703e1a921
MD5 hash:	3dfaa6e0bd2aa34d7faec4875c1eb33b
humanhash:	blue-social-summer-green
File name:	Payee advise Updated value date due to COVID-19 Lockdown.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	447'488 bytes
First seen:	2020-04-21 05:51:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	12288:Ji2Knt2x4xQB4OT9ZvZE1JVhEmEO+OxgSnLeL3FnCwtJ:9vxYQBDbOPV5gSnLeL3FnfJ
Threatray	1'173 similar samples on MalwareBazaar
TLSH	4F9402853A1CCE6BCA7D09FA4597004813B5563DB6D1E7A94FC4A1D989CBBC0ED02EB3
Reporter	cocaman
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Agensla

Status:

Malicious

First seen:

2020-04-20 21:06:00 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

27 of 31 (87.10%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=bnaia7p634pzbsiczwizy67qjtmjrfsjroan5hc3blac4kz6mwmq._file

Verdict:

unknown

AgentTesla

48f98021c7012fa70c008e4ecb8fad8cb67b97adec64679d1272db94894ad7b1

AgentTesla

52cab28a79347f56ca7b663206bac0ab76bbbaf73677b130f19be10f03588db8

AgentTesla

7839460b77054cf1edfb515a1ce85dceb4e7d2478f3a3a5b17b145329c363fd7

AgentTesla

8a020281d5b475372fcf518c8f4a6b913b3a855c458996a9d7b525062ad736ec

AgentTesla

c0d4a668a6635ecf9e0615c78c0ca3914660dc84371d8f7128e0aa1f171d6b70

AgentTesla

d054fd7ff375bd7390235a1a8e48e162c3211d4e2f27040de4bc6ba1f0b0746b

AgentTesla

dc33c31a724f44707aad3dac53016c5ece4695b578ceda6869284c8b31324ead

AgentTesla

f1a88a44eec9d6180ffa1aa89d10058322ca585942a2b2ec9818d50678231b94

AgentTesla

fc68b20cefacc0d633887c5a6fffd67c71c14b17c44fcca495d2ce4bd5228d6e

AgentTesla

+ 1'163 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

AgentTesla

cab b64a4a21b0bf2aea92c6bd3c908c4208e6a3ef41e52fb720e59302ff44538c93

AgentTesla

exe 0b40807dfedf1f90c902cd919c7bf04cd89896498b80de9c5b0ac02e2b3e6599

(this sample)

Delivery method

Other

Dropped by

SHA256 b64a4a21b0bf2aea92c6bd3c908c4208e6a3ef41e52fb720e59302ff44538c93

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample