MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 420e0d791c2e5de27eb45cddb00321f7ba3fb3c2a735bd98d440345d01a7bec8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 20



SHA256 hash: 420e0d791c2e5de27eb45cddb00321f7ba3fb3c2a735bd98d440345d01a7bec8
SHA3-384 hash: a4a8dea8fb3dffd94f915078d1aa6fa86760e9cdfdefe4a44b1db381156ab43db2b9e176416974b38810f0d4967a0757
SHA1 hash: 52583149e44eb42ca8b9322a7216b6eb22717162
MD5 hash: de27d5d7627ad1b480e42c6feb3ef4f5
humanhash: quebec-cup-fifteen-crazy
File name: 420e0d791c2e5de27eb45cddb00321f7ba3fb3c2a735bd98d440345d01a7bec8
Signature: AgentTesla
File size: 598'528 bytes
First seen: 2024-09-03 14:00:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'597 x Formbook, 12'241 x SnakeKeylogger)
ssdeep: 12288:oErlAypLIe29k0bB4VmjqPgl29WbtyLmEWdZg7dkraTD/Ml:vAypyB4VmGb9WbcV0g7WraTr
Threatray: 4'317 similar samples on MalwareBazaar
TLSH: T1E9D42379A9484463D7FE27BBA416651183757907AC20E3990DCF22D88E52B4D0E8377F
TrID: 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
      10.2% (.EXE) Win64 Executable (generic) (10523/12/4)
      6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
      2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika: pebin
dhash icon: 380f61ecc4ec5169 (8 x Formbook, 4 x PureLogsStealer, 2 x RemcosRAT)
Reporter: adrian__luca
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 388
Origin country: HU
Vendor Threat Intelligence
Malware family: agenttesla
ID: 1
File name: 420e0d791c2e5de27eb45cddb00321f7ba3fb3c2a735bd98d440345d01a7bec8
Verdict: Malicious activity
Analysis date: 2024-09-03 14:09:45 UTC
Tags: stealer agenttesla exfiltration smtp

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 99.9%
Tags: Execution Infostealer Stealth Msil
Result
Verdict: Malware
Behaviour
Restart of the analyzed sample
Creating a file
Using the Windows Management Instrumentation requests
Reading critical registry keys
DNS request
Connection attempt
Sending a custom TCP request
Searching for the window
Creating a window
Creating synchronization primitives
Creating a process with a hidden window
Unauthorized injection to a recently created process
Stealing user critical data
Adding an exclusion to Microsoft Defender
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: AgentTesla, PureLog Stealer
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
AI detected suspicious sample
Antivirus / Scanner detection for submitted sample
Found malware configuration
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
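Two of the signatures above describe the same defence-evasion step from different angles: "Adds a directory exclusion to Windows Defender" (behaviour) and "Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet" (the command line that does it, hidden behind -EncodedCommand). The following is an added example and not code from MalwareBazaar or from any of the sandbox vendors quoted on this page; it decodes -EncodedCommand payloads from process-creation events and flags Add-/Set-MpPreference calls that add exclusions or disable protections. The event field names (UtcTime, Image, ParentImage, CommandLine) follow Sysmon event 1, the rule names are this example's own, and the three events are constructed, not telemetry from this sample.

```python
"""Added example, not code from MalwareBazaar or from any sandbox vendor quoted
on this page: detection logic in the spirit of the Sigma finding named above
("Powershell Base64 Encoded MpPreference Cmdlet") and the behaviour "Adds a
directory exclusion to Windows Defender". The events below are constructed."""
import base64
import binascii
import re

# PowerShell accepts -EncodedCommand, the alias -ec, and any unambiguous prefix
# (-e, -en, -enc, ...); the payload is base64 of a UTF-16LE string.
FLAG_RE = re.compile(r"(?<!\S)[-/]([A-Za-z]+)\s+([A-Za-z0-9+/=]{16,})")
MPPREF_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b")
EXCLUSION_RE = re.compile(
    r"(?i)-Exclusion(Path|Process|Extension)\s+(?:'([^']*)'|\"([^\"]*)\"|(\S+))")
DISABLE_RE = re.compile(
    r"(?i)-Disable(RealtimeMonitoring|BehaviorMonitoring|IOAVProtection|ScriptScanning)\s+\$?true")


def _is_encoded_flag(flag: str) -> bool:
    f = flag.lower()
    return f == "ec" or (f.startswith("e") and "encodedcommand".startswith(f))


def decode_encoded_commands(cmdline: str) -> list:
    """Every -EncodedCommand payload on the command line, decoded to text."""
    out = []
    for flag, blob in FLAG_RE.findall(cmdline):
        if not _is_encoded_flag(flag):
            continue
        try:
            out.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # malformed payload: not decodable, so not this rule's business
    return out


def tag_command(text: str) -> dict:
    """Defender-tampering features of one PowerShell command text."""
    return {
        "mppreference": bool(MPPREF_RE.search(text)),
        "exclusions": [(kind.lower(), sq or dq or bare)
                       for kind, sq, dq, bare in EXCLUSION_RE.findall(text)],
        "disables": [name.lower() for name in DISABLE_RE.findall(text)],
    }


def scan(events: list) -> list:
    """One alert per process-creation event that tampers with Defender via PowerShell."""
    alerts = []
    for ev in events:
        cmd = ev["CommandLine"]
        if not (ev["Image"].lower().endswith(("powershell.exe", "pwsh.exe"))
                or "powershell" in cmd.lower()):
            continue
        for text in decode_encoded_commands(cmd):
            tags = tag_command(text)
            if tags["mppreference"]:  # the encoded variant is the high-confidence case
                alerts.append({"rule": "ps_encoded_mppreference", "severity": "high",
                               "time": ev["UtcTime"], "parent": ev["ParentImage"],
                               "decoded": text, **tags})
        tags = tag_command(cmd)
        if tags["mppreference"] and (tags["exclusions"] or tags["disables"]):
            alerts.append({"rule": "ps_mppreference_tamper", "severity": "medium",
                           "time": ev["UtcTime"], "parent": ev["ParentImage"],
                           "decoded": None, **tags})
    return alerts


def _enc(script: str) -> str:
    """Encode a script the way -EncodedCommand expects (used to build test events)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed for this example; not telemetry from the sample above
    {"UtcTime": "2024-09-03 14:10:02", "Image": PS,
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -enc "
                    + _enc(r"Add-MpPreference -ExclusionPath 'C:\Users\alice\AppData\Roaming\svc'")},
    {"UtcTime": "2024-09-03 14:11:40", "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -EncodedCommand " + _enc("Get-Date; Get-MpComputerStatus")},
    {"UtcTime": "2024-09-03 14:12:05", "Image": PS, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true"'},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"], alert["rule"], alert["time"], alert["parent"],
              alert["exclusions"] or alert["disables"])
```

The parent image matters as much as the command: an exclusion added by a PowerShell process whose parent lives under a user's Temp or AppData directory (as in the first constructed event) is the pattern the sandbox flagged here, whereas the same cmdlet from a management tool is routine. Decoding succeeds only for well-formed UTF-16LE base64; anything else is left for other rules rather than guessed at.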
Threat name: Win32.Spyware.Negasteal
Status: Malicious
First seen: 2024-07-17 02:10:30 UTC
File Type: PE (.Net Exe)
Extracted files: 10
AV detection: 28 of 38 (73.68%)
Threat level: 2/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection credential_access discovery execution keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads WinSCP keys stored on the system
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
Credentials from Password Stores: Credentials from Web Browsers
AgentTesla
Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files

SHA256 hash: 2df08e3fcc7d363c6c3d4836f420088903c2853f8a6243e2d035c40899aecf54
MD5 hash: fe9b94bc0027a4cb1c82a55191159292
SHA1 hash: f28fce2bbff4aef4fcafdbe538eb7d26f0b3f061
Detections: AgentTeslaXorStringsNet MSIL_SUSP_OBFUSC_XorStringsNet INDICATOR_EXE_Packed_GEN01
Parent samples: 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

SHA256 hash: f4b1231714e327933510abd2e9cd83358a42a5fdd581aa69a4edac25e233625f
MD5 hash: 1a94f93c521e85bae0c75338a994d471
SHA1 hash: 4924a8ed116323400b0073ff9e7a5dc662a264c3
Detections: SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24 SUSP_OBF_NET_Reactor_Indicators_Jan24

SHA256 hash: 7ad21a6f736add6e9467f66ed54e47e8f2a3646dea329707ba2f41336b514f8d
MD5 hash: 88f4f85083176e0ce5124bf430de1db4
SHA1 hash: 3cd8f63db4ddb698cbf4c4ed864a684ed3ebb2e8
Detections: SUSP_OBF_NET_Reactor_Indicators_Jan24 INDICATOR_EXE_Packed_SmartAssembly
Parent samples: 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

SHA256 hash: 420e0d791c2e5de27eb45cddb00321f7ba3fb3c2a735bd98d440345d01a7bec8
MD5 hash: de27d5d7627ad1b480e42c6feb3ef4f5
SHA1 hash: 52583149e44eb42ca8b9322a7216b6eb22717162

Malware family: AgentTesla.v4
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: AgentTesla_DIFF_Common_Strings_01
Author: schmidtsz
Description: Identify partial Agent Tesla strings

Rule name: NET
Author: malware-lu

Rule name: NETexecutableMicrosoft
Author: malware-lu

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                        | Title                                                  | Severity
CHECK_AUTHENTICODE        | Missing Authenticode                                   | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
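Both BLint findings are answered by two fields of the PE optional header: the security data directory (entry 4, which points at the Authenticode certificate table) and the DllCharacteristics word (bit 0x0020 is HIGH_ENTROPY_VA). The block below is an added example, not MalwareBazaar's or BLint's own code; it reads just those fields with the standard library, computes the MD5/SHA1/SHA256/SHA3-384 set shown at the top of this entry so a downloaded file can be checked against it, and builds a header-only PE image (constructed, not a real sample) to demonstrate both outcomes offline. The finding IDs and titles are copied from the table above; imphash, ssdeep and TLSH are left out because they need third-party libraries.

```python
"""Added example, not MalwareBazaar's or BLint's own code: compute the hash set
listed for a sample and reproduce the two BLint findings shown on this page
(CHECK_AUTHENTICODE, CHECK_DLL_CHARACTERISTICS) with a minimal PE header parser.
Standard library only; imphash, ssdeep and TLSH need third-party libraries."""
import hashlib
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0100: "NX_COMPAT",
    0x4000: "GUARD_CF",
}
DIR_SECURITY = 4          # Authenticode certificate table
DIR_COM_DESCRIPTOR = 14   # CLR header; non-empty in .NET assemblies


def file_hashes(data: bytes) -> dict:
    """The identifying hashes MalwareBazaar lists (imphash excluded)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha3_384")}


def inspect_pe(data: bytes) -> dict:
    """Parse only the headers needed to answer the two BLint checks."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        raise ValueError("truncated COFF header")
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if len(data) < opt + opt_size:
        raise ValueError("truncated optional header")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        fmt, dd_start = "PE32", opt + 96
    elif magic == 0x20B:
        fmt, dd_start = "PE32+", opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    n_dirs = struct.unpack_from("<I", data, dd_start - 4)[0]  # NumberOfRvaAndSizes

    def directory(index):
        end = dd_start + index * 8 + 8
        if index >= n_dirs or end > opt + opt_size:
            return 0, 0
        return struct.unpack_from("<II", data, dd_start + index * 8)

    # The security directory holds a raw file offset, not an RVA. Presence is all
    # BLint checks; a present signature can still be invalid, untrusted or revoked.
    cert_off, cert_len = directory(DIR_SECURITY)
    has_authenticode = cert_len > 0 and cert_off + cert_len <= len(data)
    flags = [name for bit, name in DLL_CHARACTERISTICS.items() if dll_chars & bit]

    findings = []
    if not has_authenticode:
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if "HIGH_ENTROPY_VA" not in flags:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (HIGH_ENTROPY_VA)", "high"))
    return {"format": fmt, "machine": machine,
            "is_dotnet": directory(DIR_COM_DESCRIPTOR)[1] > 0,
            "dll_characteristics": flags, "has_authenticode": has_authenticode,
            "findings": findings}


def build_test_pe(dll_characteristics: int, signed: bool, pe32plus: bool = True) -> bytes:
    """Constructed header-only PE image for offline demonstration; not a real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    dd_start = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dd_start - 4, 16)
    headers_len = len(dos) + 4 + len(coff) + opt_size
    cert = b""
    if signed:  # WIN_CERTIFICATE with a placeholder body; only presence is modelled
        body = b"\x30\x00"
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
        struct.pack_into("<II", opt, dd_start + DIR_SECURITY * 8, headers_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(0, signed=False)
    for name, digest in file_hashes(blob).items():
        print(f"{name:9}{digest}")
    for key, value in inspect_pe(blob).items():
        print(f"{key:20}{value}")
```

Run it with a file path to report on a real binary, or without arguments to see the unsigned, non-HIGH_ENTROPY_VA case that matches this entry's two findings. A present certificate table only clears the presence check; to decide whether a signature is valid and chains to a trusted publisher, verify it with signtool or osslsigncode, and compare the computed SHA256 with the one at the top of this entry before trusting any other field on the page.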

Comments