MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ba260c47425a120368dd0326606437d7a81fc273f78f1ee026d138149e3538a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4ba260c47425a120368dd0326606437d7a81fc273f78f1ee026d138149e3538a
SHA3-384 hash: da9c7b907122e8e6dc6d73f6b9b4de47b062fc0a8431033ef8e78d1f783c79beca9f6a9670d39ab6f23caeed1129ef26
SHA1 hash: cba2e49426b03f5ad5d7fd757f7d588f65abbb8d
MD5 hash: e8a778a713e9e68f133eb74c882496aa
humanhash: nitrogen-april-leopard-missouri
File name:b4b23809c2596a7d88e8f9894cc5f280.decoded
Download: download sample
Signature AgentTesla
Create hunting rule
File size:287'744 bytes
First seen:2020-03-26 13:46:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'795 x AgentTesla, 19'693 x Formbook, 12'274 x SnakeKeylogger)
ssdeep 6144:JJgy4m4NCD3dTHYPwOphfX0J7qF8DHuUhh+LaJTbbD:JJgmXD31gfDFkM
Threatray 10'405 similar samples on MalwareBazaar
TLSH C9541B6CAB88B902F73D1D36C2DA826013B1D1934512C34F6EC54EFA7F627C9764D29A
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1alrypn0nq0fxsgb-2tsc9W-Q9aRrtQ9J

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 13:48:13 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jorgbrduewqsanun2azgmbsdpv5id7bhh54pd3qcnujycspdkofa._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0cf4378a60635fbed046a2afa593ac87c02b814cb0f2760fcf475d2abedfb12a
AgentTesla
3acbeccd335e0141468ef85211cabec3f8cafc0583e94a0e59624905e972616d
AgentTesla
54e459b9722f9aa133e87abe7a92a8f5500cda7ba967ea9340978cee66631032
AgentTesla
577c53f979f75e226ccd9908f2aebb38fe38667a53509565ae906b5a6bfdce28
AgentTesla
729456c90c37fc9670fe0723070c8c427186fb55d5754f1dc40ad1e58257ccc6
AgentTesla
7d64e42ea1515dd7446af19f7b5ac4aa761c9fa00ced210d0aca68987cb870f7
AgentTesla
829008943eff3aa587242f2dda6989e2f2b1e7cf7abcb10099071aa2444a9cb8
AgentTesla
8501b62ef01d0a8ffacb3e1c7bd13129fca8a621d00f14d81a1227cf6872c5fe
AgentTesla
b7f91e8b80d469bdd1ab452b999a839daff2bd5deb86d24d9a197e7a2941b604
AgentTesla
c7839a3137610ece15b06c73cb4e9ad2b7d175630c13717649974d1965d1235c
AgentTesla
+ 10'395 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

4c85574bcd24e984ebeadb3d841e7bcd3d8063f70fa8baf289e7038ca0ff689c

AgentTesla

Executable exe 4ba260c47425a120368dd0326606437d7a81fc273f78f1ee026d138149e3538a

(this sample)

  
Dropped by
MD5 b4b23809c2596a7d88e8f9894cc5f280
  
Dropped by
MD5 9e414b626ea21b0eb00abceea4051f23
  
Dropped by
GuLoader
  
Dropped by
SHA256 4c85574bcd24e984ebeadb3d841e7bcd3d8063f70fa8baf289e7038ca0ff689c
  
Dropped by
SHA256 9ab44d3efd4d02c3783bf435f14c80c8f7b1934ee52654633bfbd5d63b695ef2
  
URLhaus
https://urlhaus.abuse.ch/url/330448/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments