MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48fce5283ce4cc7338411ae3d2b3d4c9dbd6d522f2f8ccfc63c2705e007364fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	48fce5283ce4cc7338411ae3d2b3d4c9dbd6d522f2f8ccfc63c2705e007364fe
SHA3-384 hash:	999dfaf837d75f2bec1a5de1894e5338eaa08f08d14114210a4bc2535352ff35bdeac46ae968a681522830eb2952c34c
SHA1 hash:	058106b8969e19123849d50f4a8bdcdc858126b1
MD5 hash:	4fcf4a603aa74576c96c7d05ef840a8b
humanhash:	california-yankee-saturn-iowa
File name:	Scan Docs_xls.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	838'144 bytes
First seen:	2020-04-30 07:35:57 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'473 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	12288:DBTVRf+vyWyxIHDu6/MpNRoKtHM0TEi7lpeao1QejPrbem/YxpsH:LRf+vyWyxIK/eYHen5jFM4
Threatray	27 similar samples on MalwareBazaar
TLSH	8505173591B01BD2F5B68FF64E20A255FFF61D859D48920EDD9830E609B3B80C5862FB
Reporter	abuse_ch
Tags:	AgentTesla exe FedEx

abuse_ch

Malspam distributing AgentTesla:

HELO: hosting.comfrel.org
Sending IP: 162.241.208.147
From: FedEx EXPRESS <notification@fedex.com>
Subject: FedEx Delivery Notification: Please update your shipping details
Attachment: Scan Docs_xls.r00 (contains "Scan Docs_xls.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-04-30 01:19:01 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=jd6okkb44tghgocbdlr5fm6uzhn5nvjc6l4mz7ddyjyf4adtmt7a._file

Verdict:

malicious

AgentTesla

1da6d8cdbcbc126bb0e5f21e8e4678fccd0e5ada916a304ba48c473a3e674666

AgentTesla

1dc7b9bc7fc4e17e45e76dfb99d0106802a503fcadbe1669a0fff3499a55eade

AgentTesla

2dfc45be72447ecf3429650941acc658fadbec21891e5df119ef56d64af731de

AgentTesla

38a765f04db07e561bdf8944b580cfb4dd6759496d4479cf230af9e943d3c27c

AgentTesla

53a38cd98e4cf17246e97f7b8e273a6367d181186695e37278e9233c1cdcc3e0

AgentTesla

6f638140923eb201b19d8f2be1c73e16294a06e2ee21cb2b74099416380f4907

AgentTesla

83ba03ab6dc9f33e25c6133bead277ffa2baa700da8035681ccbcecff68d85a4

AgentTesla

d36325c4e5d94107b550c1bea0edb4f5e6854f83ee11294685a337af71683f6a

AgentTesla

e71507cb46e3e9a08f33cd9cd601d8a2f852b91162c6ca899b79c011f8d063ad

AgentTesla

+ 17 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 ee27f06bb2649494b85932def2fda86369184cf5bc09b9e33dba845e3bc6ba61

AgentTesla

exe 48fce5283ce4cc7338411ae3d2b3d4c9dbd6d522f2f8ccfc63c2705e007364fe

(this sample)

Dropped by

MD5 0d6bb8c612344ea806161cea036e4fca

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 ee27f06bb2649494b85932def2fda86369184cf5bc09b9e33dba845e3bc6ba61

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample