MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5195a4cafa2c4a637c0170a5d2840cbe6368489962568eb4676eed5bff50c6a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	5195a4cafa2c4a637c0170a5d2840cbe6368489962568eb4676eed5bff50c6a1
SHA3-384 hash:	a44928babbbdb95e6a2049cd447c90cafd2af8e0c5819443c3c6002b7fe7eb5d3f279ea73de9c445e8ba6f241b70479c
SHA1 hash:	862a4898d783c0f5621b780c1980fec3760d3c83
MD5 hash:	412189a3bfc4a8e30a5c1aeddf5c5fe9
humanhash:	golf-four-steak-lemon
File name:	d5275c6567a997faa0f8dc26ecce2ce7.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	293'888 bytes
First seen:	2020-04-04 13:30:10 UTC
Last seen:	2020-04-05 21:00:14 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	6144:oJZ+G3e5rGv9aOdwiJr3yvFnXOJxdybKmeTV:+3OYdyNnXqXmeTV
Threatray	10'602 similar samples on MalwareBazaar
TLSH	0F543A7C2F88B902E73D5D3289D1667012F295834D22CB1F6EC41BED7F567CA294A386
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1L3ew61WkDpXCUlfLRlkBCLiGQtQ_7yGt

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-04-04 13:35:38 UTC

File Type:

PE (.Net Exe)

AV detection:

30 of 47 (63.83%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=kgk2jsx2frfgg7abocs5fbamxzrwqsezmjli5ndhn3wvx72qy2qq._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

4129e19fc075ef4cc80941a611b9e030e97d390054c1bcee16f46711c3b1391e

AgentTesla

4a6e3e734e7545019cfe79f1fa90d2267db5f2115322451c4079b42f2e5a9e51

AgentTesla

5edec04b0b27b91523f60696c9a834bca0f4c6648d8a67c0df78db288e74bd2d

AgentTesla

7a4fbdd95415de552357735945b668843e9166d49a847a98b4cba946be2afd27

AgentTesla

859d266c7cf04978e4015c77e18b7372e1b4eb5682e3ebbcdc280633f6fa4dd9

AgentTesla

949837f9631acb0f8687c485fbce98349093f8cd11031e2d634acecca71785a3

AgentTesla

9d5fc5a92d1c5d163582bf69fdd24f8e3ea27e076de3212d0c89f76f24d19204

AgentTesla

b2bf861d3b82dc8a3cd796abad25570dfa9ebbcecb2e2299f14a6c8da1f8590b

AgentTesla

daf85125c5d6321b947f76ed13b2b582dede11879e73a073aa0feb1a9b87eca0

AgentTesla

+ 10'592 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

b6a62892d0c72c672aa78ece083ef1e280376277f1b5dd5c4c8eafe6a7b1e48c

AgentTesla

exe 5195a4cafa2c4a637c0170a5d2840cbe6368489962568eb4676eed5bff50c6a1

(this sample)

Dropped by

MD5 d5275c6567a997faa0f8dc26ecce2ce7

Dropped by

MD5 283615a5e30dc94a00e8144579a71026

Dropped by

GuLoader

Dropped by

SHA256 b6a62892d0c72c672aa78ece083ef1e280376277f1b5dd5c4c8eafe6a7b1e48c

Dropped by

SHA256 cfce7290b226a2da73138e57b71b0693feef7d99fb6e23e63bd2613f204a299c

URLhaus

https://urlhaus.abuse.ch/url/334600/

URLhaus

https://urlhaus.abuse.ch/url/335640/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample