MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1059bb805df6a3bf99410c7a5df4e56bbbdd698b8c6c928ba4e42327e61e235a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla
Vendor detections: 4


SHA256 hash: 1059bb805df6a3bf99410c7a5df4e56bbbdd698b8c6c928ba4e42327e61e235a
SHA3-384 hash: 5bd75d56ee479519a2d70995580990e6ce95b1a636d4e2bf43c28bfd021022da7c737acd437680c04fa1782eb2f4da68
SHA1 hash: 9f2d5da73753ffc51ad99a2ff5edba92ad35fe66
MD5 hash: 8708eb0175ddf34d000c07561ed4e491
humanhash: sierra-michigan-louisiana-sierra
File name: bd93266ce129695b3cbfcc52f2d936ed.exe
Signature: AgentTesla
File size: 293'376 bytes
First seen: 2020-03-27 10:20:16 UTC
Last seen: 2020-04-07 16:30:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'643 x Formbook, 12'245 x SnakeKeylogger)
ssdeep: 6144:MINLNtvPwiENAVQPZQqM3HxZL8B7/98xBKjMeSSQoK3Ib9mWTV:MInZciVQPfMk5SSQsmWTV
Threatray: 10'362 similar samples on MalwareBazaar
TLSH: 61543A7C2B88BA02F73D1D3289E1167012F2D4934D12CB4F6EC51EEDBE627C9691A395
Reporter: abuse_ch
Tags: AgentTesla exe GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1pup_129omynKlz24JaTUGf24OugJfuKX

Intelligence


File Origin
# of uploads: 3
# of downloads: 90
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Autorun
Status: Malicious
First seen: 2020-03-27 10:35:26 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam

Relations:
Executable exe 1059bb805df6a3bf99410c7a5df4e56bbbdd698b8c6c928ba4e42327e61e235a (this sample, AgentTesla)
  Dropped by: MD5 2ed8f19c0c26523384f043fedda3759a
  Dropped by: GuLoader
  Dropped by: SHA256 3e175031a5225eb169dfcb9b26ddec8b5be135da22c8244d57000a7fad3a71c2

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
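Both findings come straight from the PE optional header: HIGH_ENTROPY_VA is bit 0x0020 of DllCharacteristics, and "Missing Authenticode" means the security data directory (entry 4) is empty, so no WIN_CERTIFICATE blob is attached. The script below is an added example, not MalwareBazaar's or BLint's own code; it parses just enough of a PE header with the Python standard library to reproduce the two checks. The header-only images it tests against are constructed in memory and are not the sample described on this page.

```python
"""Reproduce the two BLint checks shown above from a PE header.

Added example, not MalwareBazaar's or BLint's own code. Only the standard
library is used; the PE images checked at the bottom are constructed in
memory and are not the sample on this page.
"""
import struct

# Bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics (PE/COFF specification).
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data directory slot of the Authenticode blob
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def pe_security_properties(data: bytes) -> dict:
    """Parse DllCharacteristics and the security directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                 # skip signature + 20-byte IMAGE_FILE_HEADER
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        numdirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        numdirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (dllchar,) = struct.unpack_from("<H", data, opt + 70)   # same offset in both formats
    (ndirs,) = struct.unpack_from("<I", data, numdirs_off)
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, the security entry holds a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "high_entropy_va": bool(dllchar & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dynamic_base": bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "authenticode_present": sec_off != 0 and sec_size != 0,
    }


def blint_style_findings(data: bytes) -> list:
    """Emit (id, title, severity) tuples in the shape of the BLint table above."""
    props = pe_security_properties(data)
    findings = []
    if not props["authenticode_present"]:
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if not props["high_entropy_va"]:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (HIGH_ENTROPY_VA)", "high"))
    return findings


def build_pe_header(pe32plus: bool, dll_characteristics: int, signed: bool) -> bytes:
    """Constructed header-only PE image for testing (not a loadable file)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224     # 112/96 fixed bytes + 16 directories * 8
    file_hdr = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                           0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    numdirs_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, numdirs_off, 16)
    if signed:
        # Pretend a WIN_CERTIFICATE blob sits at file offset 0x1000, 0x800 bytes long.
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x1000, 0x800)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    # A 32-bit image with no flags and no signature reproduces both page findings.
    weak = build_pe_header(pe32plus=False, dll_characteristics=0, signed=False)
    # A 64-bit image with HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT and a signature is clean.
    hardened = build_pe_header(pe32plus=True, dll_characteristics=0x0160, signed=True)
    for name, img in (("weak", weak), ("hardened", hardened)):
        print(name, pe_security_properties(img), blint_style_findings(img))
```

Run it on a real file with pe_security_properties(open(path, "rb").read()). Two caveats when reading these findings: HIGH_ENTROPY_VA only has an effect on 64-bit images, so for a PE32 .NET loader the second finding is informational rather than an exploitable weakness; and a populated security directory only proves a certificate blob is attached, not that the signature is valid, which requires hashing the image the Authenticode way and checking the chain. Separately, the imphash listed above is shared by tens of thousands of AgentTesla, Formbook and SnakeKeylogger samples; it is the import hash of a stock .NET executable (only mscoree!_CorExeMain imported), so it pivots on the loader stub, not on the family.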
