MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1aca49752cef2bb58d097e0ac96963e32f14e4e6b1e6e24e11125d1e9ef54cf2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	1aca49752cef2bb58d097e0ac96963e32f14e4e6b1e6e24e11125d1e9ef54cf2
SHA3-384 hash:	a6fdeb59b410582a7e923880c5ed2e3ef291485f2a432964b37287fa663426d7e99701c9352b268e6621dadd5471244d
SHA1 hash:	ae23a06dfd7c46eb9ff41649a045b44cc9da92db
MD5 hash:	bb1772f62eddb87570984a95529b38e6
humanhash:	pluto-spaghetti-seven-muppet
File name:	pg_cheat.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	4'075'520 bytes
First seen:	2020-04-03 09:01:53 UTC
Last seen:	2020-04-03 09:37:14 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'647 x AgentTesla, 19'451 x Formbook, 12'201 x SnakeKeylogger)
ssdeep	49152:A6ByOvub0kLYmS+Q6fWBb3nU/HAU184yDlnjpUxF80AAWO/o3CYAP+oU80P8RDrc:gAkJSn6WBTnOAlALAoo3C9Uh0JgnA05
Threatray	1'033 similar samples on MalwareBazaar
TLSH	771612A3F5A001D5C46668B2DF758E90AD609D20C7F3E917E68D5D2FBD3F040A648E2B
Reporter	Anonymous
Tags:	AgentTesla exe RAT

Anonymous

Downloaded from https://mega.nz/#!8JVTxSbB!lmzSGjWfCxyGhe_MS9HGZa8CKW2prAcZgyUaO5Ayr1w

Trojan advertised as a video game cheat at https://www.youtube.com/watch?v=dG7nA7yDq4o

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.LuhePackedH.31559.7353.UNOFFICIAL

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Randrew

Status:

Malicious

First seen:

2020-04-03 09:35:42 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

25 of 31 (80.65%)

Threat level:

2/5

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

3e79be51a78170ac177641b8225b22d37548617800ea0362733eeadc77445b98

AgentTesla

43ed3081859def68a8b2ef50292e6d9dcbac7aea6ddb03de294fb9ed367c9f06

AgentTesla

6ec6d3425cc3bdc664f5938119469a2947ad061dac33fafbd303998c9311a254

AgentTesla

70f8a912b0343b177f6c04ea6a642dd85f68044728e5481e86cfe8311ed86e21

AgentTesla

8f60548d2cde9e0681d8609aef71f51c820073a2a70e75bfa0fa56e3890d94e0

AgentTesla

90dd2d39ffc0ebcf1db286191a316c833ddc3111337e1c05e3d847e03e67c377

AgentTesla

b5c7fbd5e805b6f1a9796c041be4f9829d2157e5b59a6608871511d045b8d79c

AgentTesla

b5e39716f576e5ff21e945560a98ee7ca7309491b2b7f2643728cd341b9c19de

AgentTesla

c7962bac550ffe20ff69bbcecea355ea9689fa1e76506d3d8343f1b1f5619706

AgentTesla

+ 1'023 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

exe 1aca49752cef2bb58d097e0ac96963e32f14e4e6b1e6e24e11125d1e9ef54cf2

(this sample)

any.run

https://app.any.run/tasks/0844f714-b791-49bb-9fab-7734d00e3733

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample