MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 543e4bbc8444271fb08a6ee12c5ebd5638e95d51d85a63eee6ecd4f54b14dc92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4

SHA256 hash: 543e4bbc8444271fb08a6ee12c5ebd5638e95d51d85a63eee6ecd4f54b14dc92
SHA3-384 hash: a064b3e2bc0f10f34a233a700cb2d219a2cae1bfa0430d154fb690e66967f9a1afb0c29d1e59a10a04d694eefdf8731b
SHA1 hash: e5704d053e4579e0b00b9e2e23e9152cfa196057
MD5 hash: 3e7ad21402489fb4e595c0df54c48a4c
humanhash: ink-connecticut-spring-edward
File name: 36e3ba9d036cd42fea7981a61c0cc494.decoded
Signature: AgentTesla
File size: 297'984 bytes
First seen: 2020-03-26 13:46:55 UTC
Last seen: 2020-04-06 10:55:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (shared by 48'751 AgentTesla, 19'656 Formbook and 12'248 SnakeKeylogger samples in MalwareBazaar)
ssdeep: 6144:HNKlczjMCjIG+KS0qwCtWN5GnQMrrfReSjFrbl7oCT7:tKlc3jkgHqwRNW1UKoCT7
Threatray: 10'528 similar samples on MalwareBazaar
TLSH: 3754397D2B88B902F73D593289D1666066F194834E22CB0F6EC81EFD7F527C92C4A395
Reporter: abuse_ch
Tags: AgentTesla exe GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=19JSRaZ_xHE4Y5hQnTee-DtkG_Id9aEFf

Intelligence


File Origin
# of uploads: 3
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Autorun
Status: Malicious
First seen: 2020-03-26 14:35:47 UTC
AV detection: 24 of 30 (80.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as its delivery chain (the samples and families recorded as dropping it) and external references. Note that the file name (36e3ba9d036cd42fea7981a61c0cc494.decoded) is the MD5 of one of the droppers listed below with a .decoded suffix, i.e. this entry is the decoded payload extracted from that dropper.

841aa29f6efa147ce7e73aa6558b8ce9dc3a0be72ce61ed2b9d03a3507af1e23 (AgentTesla)
    Executable exe 543e4bbc8444271fb08a6ee12c5ebd5638e95d51d85a63eee6ecd4f54b14dc92 (this sample)

Dropped by:
    MD5 36e3ba9d036cd42fea7981a61c0cc494
    MD5 6ce21278c02ea9c099fcbd892fe60a09
    GuLoader
    SHA256 841aa29f6efa147ce7e73aa6558b8ce9dc3a0be72ce61ed2b9d03a3507af1e23
    SHA256 e340d7a9b20393430e44aa22ad1b473862a0c17d636be7757e77ee5cc231ab40

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables. For this sample it reports two findings: Missing Authenticode means the PE carries no code signature at all, and the missing HIGH_ENTROPY_VA flag means the image has not opted into 64-bit high-entropy ASLR. Neither finding is proof of maliciousness on its own (much legitimate software is unsigned), but both are consistent with a dropped payload that was never built or signed for distribution.

Findings

ID                         | Title                                                    | Severity
CHECK_AUTHENTICODE         | Missing Authenticode                                     | high
CHECK_DLL_CHARACTERISTICS  | Missing dll Security Characteristics (HIGH_ENTROPY_VA)   | high
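As an added illustration of how the two findings above are derived (this is example code written for this page, not BLint's implementation and not derived from the sample), the following Python re-implements both checks using only the standard library: it walks the DOS and COFF headers to the PE optional header, reads DllCharacteristics for IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, and treats an empty IMAGE_DIRECTORY_ENTRY_SECURITY data directory as "no Authenticode signature". The header-only PE blobs built by build_minimal_pe() are constructed test inputs, not the sample; in practice you would pass the bytes of the downloaded file to pe_security_flags().

```python
import struct

# Constants from the PE/COFF specification
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR opt-in (PE32+ only)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040      # image may be relocated (ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100         # DEP compatible
IMAGE_DIRECTORY_ENTRY_SECURITY = 4                  # points at WIN_CERTIFICATE blob(s)
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def pe_security_flags(data: bytes) -> dict:
    """Parse just enough of a PE file to answer the two BLint questions.

    Raises ValueError for anything that is not a well-formed PE header so that
    a truncated or non-PE input never produces a misleading 'clean' result.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        raise ValueError("COFF header truncated")
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    # DllCharacteristics lives at offset 70 in both PE32 and PE32+ optional headers
    if size_of_optional < 72 or opt + size_of_optional > len(data):
        raise ValueError("optional header missing or truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32PLUS_MAGIC:
        rva_count_off, dirs_off = 108, 112
    elif magic == PE32_MAGIC:
        rva_count_off, dirs_off = 92, 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + rva_count_off)[0]
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Security entry is a raw file offset (not an RVA) and a byte size
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "authenticode_present": sec_off != 0 and sec_size != 0,
    }


def blint_style_findings(data: bytes) -> list:
    """Return (ID, Title, Severity) tuples in the same shape as the BLint table above."""
    flags = pe_security_flags(data)
    findings = []
    if not flags["authenticode_present"]:
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if not flags["high_entropy_va"]:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (HIGH_ENTROPY_VA)", "high"))
    return findings


def build_minimal_pe(dll_characteristics: int, signed: bool, pe32plus: bool = True) -> bytes:
    """Constructed header-only PE (no sections, not loadable) used as sample input."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224          # 16 data directories included
    # COFF: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    #       NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    rva_count_off, dirs_off = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, rva_count_off, 16)
    if signed:
        # Placeholder offset/size for a WIN_CERTIFICATE blob (constructed values)
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x200, 0x1000)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    weak = build_minimal_pe(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT,
                            signed=False)
    for finding in blint_style_findings(weak):
        print(" | ".join(finding))
```

A non-empty security directory only shows that a WIN_CERTIFICATE blob is attached; whether that signature is valid and chains to a trusted root is a separate verification step (signtool, osslsigncode or an equivalent) that this example deliberately does not attempt.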

Comments