MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fc32bb95555c9c2ed28b12a287e838afac9a1d7888aa022ce494ce0b75a640f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6fc32bb95555c9c2ed28b12a287e838afac9a1d7888aa022ce494ce0b75a640f
SHA3-384 hash: 7ae3ab6267e817215fde4b44ecd8efceec2d7a84a27e477ea04ffb8966a40e12b59f2f8eee5ba46077c0c3bd3d4f52a3
SHA1 hash: 1d5490b9453705b217d10134bed72306848f445f
MD5 hash: 2c1a989fbfc4f3c56a57a1a117b665a9
humanhash: double-alabama-sierra-pasta
File name:ec263c446fc5ebc59d997a580c4e6a36.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:297'984 bytes
First seen:2020-03-26 15:41:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:gtkTeTUbYxpyJC/oFTpTf016Y5Gki0TNiezeY1WEbJoaTV:gtki4vkwF1TfJj05fiAoaTV
Threatray 10'379 similar samples on MalwareBazaar
TLSH E4541A7D2B48B902F73D5D3289D1666012F1D5834E22CB0F6EC81FED7E5A7C9284A396
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1e3LemxBfOWOEoLXLEQDfwPlAbetMcotq

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 16:36:48 UTC
File Type:
PE (.Net Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n7bsxokvkxe4f3jiwevcq7udrl5mtioxrcfkaiwojfgobn22mqhq._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
4dd2b414c77ad5e60685dd8afbb92d5bf6e3ed11edfa368ae0b8b042c7cec53b
AgentTesla
518f61b23eb64a58b3bc75b881de46dbbf852a3f77ae3677d5763caeb2ad913c
AgentTesla
51d2148d14e4b9f01226e3e53fa73e45fb67bf73037a68e032316954ca7babbc
AgentTesla
5bdd08d6795379ec86f205b7f1be9c2b638fe95a21ec55a8700a7c6d2363f68f
AgentTesla
623e37acf038d163685f53206e0a5090a2178b7b9a4788ab5fbbf24f723d1d55
AgentTesla
b775d2aa67b592663e6302c3978819d81716854281936e3e800720aaa06b25c7
AgentTesla
c11379bd7e59df5f1715c22cb396ac9b5c5233867936e29aa7f27b9e3b410f7e
AgentTesla
c6c1a098e493a3c1352af758cd13093b1d7c395f3d0bd3a5668a6121ec5896d5
AgentTesla
d444059c72ee1b5b335eed7d5985b959c831d4508860222eb277683e77d02eb7
AgentTesla
fe996a84af7536042d8dd2fa09dd6a46120e5efa926eca53de867f74cb0130ad
AgentTesla
+ 10'369 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

10120dab9e54cff09c36d80fb197f96c1661bc762517390d33d43d94f113ed92

AgentTesla

Executable exe 6fc32bb95555c9c2ed28b12a287e838afac9a1d7888aa022ce494ce0b75a640f

(this sample)

  
Dropped by
MD5 ec263c446fc5ebc59d997a580c4e6a36
  
Dropped by
MD5 a4ea97dc8d21968a9e3c1406af397198
  
Dropped by
GuLoader
  
Dropped by
SHA256 10120dab9e54cff09c36d80fb197f96c1661bc762517390d33d43d94f113ed92
  
Dropped by
SHA256 71c9634dee62e1afeea4bb572902a8d43953b11afd65e31f389983384d7ad4c3
  
URLhaus
https://urlhaus.abuse.ch/url/328894/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments