MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 420d2d11f2a47d6001c52c27be90bb4c1221242af9b5c44381d0012e84aa75b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 420d2d11f2a47d6001c52c27be90bb4c1221242af9b5c44381d0012e84aa75b3
SHA3-384 hash: 0e07c5a8551440fad486957ab127b632d7feaf7213155ee410ea07286c7740d5e22178a2df38600d5474126743a03590
SHA1 hash: 22badabc1a5751955b0bbb28f22dadcb7e0b8f72
MD5 hash: fd991bcaca8b8a86db1ddf618f39d7a1
humanhash: east-black-winner-music
File name:PI NO2020TD24.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:406'528 bytes
First seen:2020-03-30 05:23:46 UTC
Last seen:2020-03-30 11:34:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'753 x AgentTesla, 19'660 x Formbook, 12'250 x SnakeKeylogger)
ssdeep 12288:tgbiq2Fxuw9g/yeggfBqmUOHc9qeX6gl4:y2juwaJXpq8QKgl4
Threatray 326 similar samples on MalwareBazaar
TLSH C1841219E389141FDD7A08B8D46322D5A3789A1173C3FBA79FE0F4E429AB7C086494D6
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
4
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.45940.15049.5261.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-03-29 22:34:21 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iigs2epsur6waaoffqt35ef3jqjccjbk7g24iq4b2aas5bfkowzq._file
Verdict:
unknown
Similar samples:
087697d241c62f0668f25caa7c739611b4ab1ff5ff7fba466757e67aa5e3a608
AgentTesla
1a7fe9f45a80c2dae0237cc9aada201d3fa5eca08bfbc297e48f22faa35f131e
AgentTesla
4b8b49bdfa435d0faba2e3964b04e20bbfc86aa4ffc3c3b8e1449894892f125b
AgentTesla
5ca99517ae76972d3dab6e51515a57e15e75e7bb7c3a7e16228f770fcc7833e9
AgentTesla
80e321d63e5c084fbd8c213f315e9eb7e56b7fffdbeb48c2c35f9e172bba9c36
AgentTesla
903ceb802bdb0a58f173f1d9e369d10fc14378232400dc2cb0d14377c5f4a4fe
AgentTesla
accddeb954844341b87c006344f21c50757cd228d2f071d39e8707209b1a49f9
AgentTesla
af090158e0913e0202e9e61d41dd891e697e1b2bfa59cdda2c81da1067ac5e79
AgentTesla
c48ab81f93ccd69c6d2b796cb4f431db97179480bf6251b715347b0b32dd500e
AgentTesla
fdf384c1cbcfbcd1bbb814f9d80ddcc4d2b3c786fda29c3a48ef7cde8f08d78f
AgentTesla
+ 316 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 5fb2969a871dffd11e4b86d2a73c489b8e5e9e92997c1e0b61902701b5956d7b

AgentTesla

Executable exe 420d2d11f2a47d6001c52c27be90bb4c1221242af9b5c44381d0012e84aa75b3

(this sample)

  
Dropped by
SHA256 5fb2969a871dffd11e4b86d2a73c489b8e5e9e92997c1e0b61902701b5956d7b
  
Dropped by
MD5 967c6cb147e5228495e8507f2b50c296

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments


Avatar
commented on 2020-03-30 11:35:06 UTC

COVID-19 themed malspam distributing AgentTesla:

HELO: sourceintelligence.com
Sending IP: 185.118.166.15
From: WANKAR, Ninad <circor@sourceintelligence.com>
Subject: COVID-19 Update
Attachment: FM_SCM_1.zip (contains "FM_SCM_1.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587 (77.88.21.158)