MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f88360504d8d31ba8c9313f9237e0e0e65cce7670291fd948db57a8a21eb5df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA 2 File information Comments

SHA256 hash:	0f88360504d8d31ba8c9313f9237e0e0e65cce7670291fd948db57a8a21eb5df
SHA3-384 hash:	0df95a0a858751b0cb9f5d0b4996df2083076d9a3e9f4f4f518c2d29a972ff0fe5b598a074ade0e024276501121c4fca
SHA1 hash:	f5fe4ee5176a8c050512393f13b5cdd8bd8ac1d9
MD5 hash:	b421ffd49ad865f462427df1e06bbf4c
humanhash:	nuts-skylark-nitrogen-robert
File name:	New_Order_44601.bat.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	679'936 bytes
First seen:	2020-04-30 07:29:33 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f1924c7639cee3b8949964bf1a6e8d7e (1 x AgentTesla)
ssdeep	12288:xt/vCi7T1lwJU2rXlqPYfAhTlwQMUffuU0d2sU:7vCiX1L2zYP6cMPU0osU
Threatray	9'864 similar samples on MalwareBazaar
TLSH	E1E4AE21DF31C12BD3DF6D3099B8B96BF1589C1A990521C2D87DF78EAC7391278A502E
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.ProtectSharewar-2

PUA.Win.Packer.ProtectSharewar-3

Gathering data

Threat name:

Win32.Trojan.Fareit

Status:

Malicious

First seen:

2019-07-10 19:05:04 UTC

AV detection:

26 of 30 (86.67%)

Threat level:

5/5

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

2bd4a68bf90d7d007980c8c9a6ca3859507d6f8ad00c4d53b859ffe9e7311751

AgentTesla

3174e8d8ef60806faa8b1e19a54ad0d89912ad75bbe63af481c5007af6fe1ea0

AgentTesla

3460bddb22bbd2c03da5dbcc68e6ce1d54cfb1d5991196eff039acb093d96307

AgentTesla

5482f1f95375aaebcc192fa70c0027d2e6bdbf3a50efefa0a10fbb80b46e74ed

AgentTesla

7e60af333b52731e98a3c49c7e0ecca12d86c8277f4e6f8f118fd021beb5acbe

AgentTesla

b295967168e9fc2f06437a12689122301171650aa213095bda2c1260d8f3c607

AgentTesla

bccc23b47532cc1b95e61602152160960a31ae993aa85bf4f8448d8ea41212dd

AgentTesla

dc186623afc0375b9ebd176481a9f37268351cac07f2825b8221124ec7ac9edc

AgentTesla

e42e9a9d0222fd8eecd5b406ceb2ab65a9c965d9f3d5d11043ea84a69349f432

AgentTesla

+ 9'854 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	win_agent_tesla_g2 Create hunting rule
Author:	Daniel Plohmann <daniel.plohmann@fkie.fraunhofer.de>

Rule name:	win_blackremote_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample