MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 258f639bb18608c2ddbfd024846bb56f50b253b1c4cae3298e65fd7e17d04643. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 258f639bb18608c2ddbfd024846bb56f50b253b1c4cae3298e65fd7e17d04643
SHA3-384 hash: 2fd0d2a628547d83c71d40b1353161ffad11c82f2982c4ca4814175c5cdcdec6b682a060abb8bb9a2d780036a2dcfc9c
SHA1 hash: 5b3e2321f0cfd40aa2c1e093423a27f981aa1d83
MD5 hash: 53926745b4613270531b354552353811
humanhash: pip-oklahoma-shade-oxygen
File name:dcfa36f821aebfe193f8faa10f04beab.decoded
Download: download sample
Signature AgentTesla
Create hunting rule
File size:284'672 bytes
First seen:2020-03-26 13:42:13 UTC
Last seen:2020-03-27 11:45:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'653 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 6144:bZceOdk202xLyMZSLo/JbO88zTTJhJpLBbo:6eOdDZmciok8STVT
Threatray 10'554 similar samples on MalwareBazaar
TLSH EB54189DBB48A902F33D1D36C1D6926053B1E5835A12C34F6EC40FFA7E567C9384E29A
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
http://biendaoco.com/wp-content/plugins/revslider/admin/EERUI.bin

Intelligence

File Origin
# of uploads :
4
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 13:48:10 UTC
AV detection:
31 of 47 (65.96%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ewhwhg5rqyemfxn72asii25vn5ileu5rytfogkmomx6x4f6qizbq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
02ad360e618d817b9a5da264704a5dfbf337856ea20bdfd471446e0a8fa27036
AgentTesla
2abb263f721b539317768af1459c89c8e72bc352a8219b9d618569616caac045
AgentTesla
3763c0bde1d8eb2943f3fbf10ce25d2360f1200993f28b3951522f9f455f8970
AgentTesla
3aedf2b9413bb9eb0af9daf292e5461a910e182ab9b30debb814f769323a85ff
AgentTesla
449405001febe80d0cd55e1f11f6c4b9af01744821dda0133711d54fc4905e26
AgentTesla
7cf059a1d51541e4a746e4f8f624152801c40489e612bb46abd6a4bab26f6851
AgentTesla
7dcf74ef421a57fac957c783af2b28e5fe6b13aff4e709edd1fec8f4c3ff7e63
AgentTesla
a6290ccc075d6f4d66eb6bdb5a1e36ef943eddeeead1460e9089564580f36271
AgentTesla
b5cc6999416a62827fc86dc9b6a3f5b0ee3546986af845722ec0d019c8c30f6b
AgentTesla
c148d7544c90541afc565d03219b8c579ac18a52b1baa3e70eb22bf12cc9a96e
AgentTesla
+ 10'544 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

099a281f51755c435f39ca1555992f647d765b3a74b1f08cdf50e66e24d84d96

AgentTesla

Executable exe 258f639bb18608c2ddbfd024846bb56f50b253b1c4cae3298e65fd7e17d04643

(this sample)

  
Dropped by
MD5 dcfa36f821aebfe193f8faa10f04beab
  
Dropped by
MD5 2f798bb57489bd03facb5d67207e1e34
  
Dropped by
GuLoader
  
Dropped by
SHA256 099a281f51755c435f39ca1555992f647d765b3a74b1f08cdf50e66e24d84d96
  
Dropped by
SHA256 1fe55809ae39d39f62a6f93a750228ce49edd10903a91ae96c48b94e115e6945
  
URLhaus
https://urlhaus.abuse.ch/url/330295/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments