MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 577c53f979f75e226ccd9908f2aebb38fe38667a53509565ae906b5a6bfdce28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 577c53f979f75e226ccd9908f2aebb38fe38667a53509565ae906b5a6bfdce28
SHA3-384 hash: 5a928982cf7b5e525b6248e86f0c19cee1f05b2b478a33a11647c0815aeea7b4fbfd45223eb791a64e7bcca6aaaa5457
SHA1 hash: 75b941d951d137b5847a0426fad6d3365a96bf2b
MD5 hash: ef896d41d540ee1d2588388e1e539277
humanhash: kitten-violet-cold-magazine
File name:577c53f979f75e226ccd9908f2aebb38fe38667a53509565ae906b5a6bfdce28
Download: download sample
Signature AgentTesla
Create hunting rule
File size:299'520 bytes
First seen:2020-03-23 18:57:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:ifZG1KGJ6Pt0isVM2rRolz0zUgWqm0cWjCQenbgoKTV:W6KGkPt0Droz0HWB8oKTV
Threatray 10'361 similar samples on MalwareBazaar
TLSH DF54297D6B8CB902F73D193249D1667013F295934E22C74F2EC81AEDBE537CA294A385
Reporter Marco_Ramilli
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-10 10:30:55 UTC
File Type:
PE (.Net Exe)
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=k56fh6lz65pce3gnteepflv3hd7dqzt2knijkznosbvvu275zyua._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0444729289d8a3c480eb3f29e936f29d048f69c71a691b20489e50890fa22983
AgentTesla
143da9c82587966091a89e47a13083cbfa757699296e37b333ba607c7052dc8f
AgentTesla
1b476c8bd4604f9eb16f852bd2a7770520789b8740195c32b30f68dcfc9e91e9
AgentTesla
24e82b6d52501a968a09b294dff28bca82368e5974bdeca97cef781a111ff3c8
AgentTesla
288f7b2c4d5b4c951a079d7fe188d6fbfb6cedf4db4724f24a418078732a4c65
AgentTesla
356c699175a1c80f88272c54c40bcee13db731bdd78674ec0687fa164db51943
AgentTesla
4b97d14a3d57a73ad88741d5ee82611000eb3b64d7c23f2bc9d63c00d15a5fbd
AgentTesla
4ea8fc31e7c4c74b0617f0786c0becbc39fadb91af884fe6971f4726c866225e
AgentTesla
8d0e6eed295f741dacf9a0a752984c696633536c47e21a2c2a1c7b95adbc35de
AgentTesla
8f9586711a18e094be202b9e626a98192e7d100f65ef702c0cc466104028e91d
AgentTesla
+ 10'351 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AgentTesla

Executable exe 577c53f979f75e226ccd9908f2aebb38fe38667a53509565ae906b5a6bfdce28

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/323344/
  
URLhaus
https://urlhaus.abuse.ch/url/323556/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments