MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d6d77c271f43365b306b4b1604d5bf1d9a657d7b68c142da9b34ce9ef9f50da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d6d77c271f43365b306b4b1604d5bf1d9a657d7b68c142da9b34ce9ef9f50da
SHA3-384 hash: e68dbc2e4601f38eef74c2f75822d6d2cf2b3da9a5f45f608b5fc2da409844a7c4bce54848979f13bfc16eae427dc1b2
SHA1 hash: f6432857e9a8c951a5bceb7a3e451c86593823bd
MD5 hash: 5805f7fb4cc03415183dcbd2e195d185
humanhash: apart-earth-yankee-finch
File name:0d6d77c271f43365b306b4b1604d5bf1d9a657d7b68c142da9b34ce9ef9f50da.bin
Download: download sample
Signature AgentTesla
Create hunting rule
File size:332'288 bytes
First seen:2020-04-03 19:26:43 UTC
Last seen:2020-04-03 20:31:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'650 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 6144:ryp4aqQbUwNbtkjPtmnXAjGyikhWxlKwMqJL2womEFMSCavuD/qBJp:rKqQIwDkp4+BWKwLJJwHNht
Threatray 1'681 similar samples on MalwareBazaar
TLSH 5D6401C4D45A3298C2F34F794AB65B89877D92077C8DEC7ABACE501107E61C2DC8379A
Reporter ViriBack
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.MSILPerseus.212163.20042.26789.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2020-04-03 19:35:57 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bvwxpqtr6qzwlmygwsywatk36hm2mv6xw2gbilnjwngot347kdna._file
Verdict:
unknown
Similar samples:
1d492bc6d7dd22a0ff5c75a3cff6a19629a0179b27b15045bb7893439fd91ca3
AgentTesla
248c48ac7b4b0c17d6200aa842a5e5c7d095d8573745472d7542ff3c4291c68a
AgentTesla
66552856ca289e837ad5cd8c43db7aaef31af50cad3997854491d506c3948c18
AgentTesla
6824c4afb5e56e0c2b3e0b89a4acde70bcc2bd792334a6600225e623162ae621
AgentTesla
771e1fa33b07cab386e1c9ca1a6a264a68bfbcd1b17fa4252a836ac4cd165e0d
AgentTesla
7910fbd27cb1e4fd04a3356d45036821ed924ef1b8de3117d677be4938cb5140
AgentTesla
9702883830d4767241127d5112ebf1ed7c00731dc387d278f563d882347f2a6c
AgentTesla
c84d0a9a9ee6556b5bb064012e81e18dd510127e531b00f995b0ace01165d15d
AgentTesla
d326b7ca6b3ce11c8e23ef882b9b197d437366c03f14d51b0bdd2ff434f29bbc
AgentTesla
ebc28d320cd55a376a0a3562417c47098d9468210abe553ac836b0a679131b39
AgentTesla
+ 1'671 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Executable exe 0d6d77c271f43365b306b4b1604d5bf1d9a657d7b68c142da9b34ce9ef9f50da

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments