MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24c4e51ee934c21ec17a004240a27fa0891ab15e35df1098fb1d3e669a0d9ead. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	24c4e51ee934c21ec17a004240a27fa0891ab15e35df1098fb1d3e669a0d9ead
SHA3-384 hash:	abe60182c43220b099d23135dbfb06f462936fb4f12abdcc5dce64a1c712a232c19a97c27f937f6565d6c0112cb54dde
SHA1 hash:	eda03cbbc072569937955caf40e3a4b549357823
MD5 hash:	917fb8ab3355c6fe16280cea0330955e
humanhash:	bravo-shade-california-bravo
File name:	RFQHT5009_pdf.scr
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	924'160 bytes
First seen:	2020-04-30 10:19:59 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'638 x Formbook, 12'244 x SnakeKeylogger)
ssdeep	6144:Ff6Lu+B4wh01L5cJHteRz7RzX6dyLJfYk23WKkwYT2ML7Sa13hVJxMSBbR0h4gGb:FfPR5cJmRX6dyJB23jcrmUV9ggh8Wu
Threatray	18 similar samples on MalwareBazaar
TLSH	E215BED0FE9BD009E1256BF4D99EE14CCA29FF4A270A9D0D2944B30A163274DCCD92F6
Reporter	abuse_ch
Tags:	AgentTesla scr

abuse_ch

Malspam distributing AgentTesla:

HELO: slot0.en-plasnic.com
Sending IP: 89.32.41.129
From: THOMAS D'SOUZAt <maxpro@en-plasnic.com>
Subject: ENQUIRY REF:NAT/RFQHT5009/4-30-2020
Attachment: RFQHT5009_pdf.img (contains "RFQHT5009_pdf.scr")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-04-30 10:36:40 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

24 of 31 (77.42%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=etcokhxjgtbb5ql2abbebit7ucervmk6gxprbgh3du7gngqnt2wq._file

Verdict:

unknown

AgentTesla

40c2c761bdc8603d5bc7c0ef1668a16b7a6a9de062268418e53c8b399fa33adb

AgentTesla

4877df324375a116062963d9905fe55952f405b0837b6f517cea9fd040932b84

AgentTesla

5004ddebb8208233115a8d92bfd8c710935057d24c64e06e46eb91d39e72398a

AgentTesla

70d86fc8d1247dcd26ed0927411614973d45216d676978f768e14cb16d362536

AgentTesla

799e7b4209f8eaba177033adfeede982f04fc78671aa15d64e57d82b9040a92b

AgentTesla

7eb32bdb92a9768dfc8f30f22365aaac0d57931a77bffd71eb928f72dcdeab1e

AgentTesla

a90e37c7de58a0fc3d94a5450340daf5b37da566125c3f8ec21bb3d66a457226

AgentTesla

aac1c7cb39b8c4aaedfeba2909f4128578c4a20015c8029a2c6d1e85d4987244

AgentTesla

d8df9c022a03d7da5ca463e2cc64eac786733a6970635e2e131b7763af1d1984

AgentTesla

+ 8 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img ed876a58da2c60da9cb69491a813971f310f8ad69366b21e7c4976df7850edb4

AgentTesla

exe 24c4e51ee934c21ec17a004240a27fa0891ab15e35df1098fb1d3e669a0d9ead

(this sample)

Dropped by

MD5 5d74496a8af0d3ed0810c18755f2e899

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 ed876a58da2c60da9cb69491a813971f310f8ad69366b21e7c4976df7850edb4

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample