MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74ab8f0473abd56c9bc966703098259faee9c244e7a0348c0c6adc8cb454d2c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: 74ab8f0473abd56c9bc966703098259faee9c244e7a0348c0c6adc8cb454d2c3
SHA3-384 hash: 06e70a740aff29443331fa9239931b44647d1ed13b04e5d76595d7bb41c0f7b92908d5264f7e5d6baa19a30fc24d0fbb
SHA1 hash: 29084eaa0d023b29063f7e08dec49b3fefccca05
MD5 hash: 74a8a8c5177562e67df1b0935773d609
humanhash: double-green-emma-sink
File name: SecuriteInfo.com.Trojan.Inject3.38633.16514.19478
Signature: AgentTesla
File size: 630'784 bytes
First seen: 2020-04-16 12:01:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'650 x Formbook, 12'246 x SnakeKeylogger)
ssdeep: 12288:llF3ZujVaxlcEAlxBwXZWOGtr5wi96fx6Uvhv9:ln3Zu5agEeXOor5P96XvhV
Threatray: 10'747 similar samples on MalwareBazaar
TLSH: 55D4F1367896C108C92507BA40A9D7C0BB770D853D5ACB3D70CB538CBF53AAB3B16699
Reporter: SecuriteInfoCom
Tags: AgentTesla
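The cryptographic hashes above are the exact-match IOCs for this entry; the quickest triage step for a file on hand is to compute the same four digests and compare them. The Python below is an added example, not MalwareBazaar's own code: ENTRY_HASHES is copied from the fields above, the byte string hashed in the demo is constructed and is not the sample, and the `verdict` helper is this example's own convention.

```python
import hashlib
import sys

# Digests copied from this MalwareBazaar entry (algorithm names as hashlib knows them).
ENTRY_HASHES = {
    "md5": "74a8a8c5177562e67df1b0935773d609",
    "sha1": "29084eaa0d023b29063f7e08dec49b3fefccca05",
    "sha256": "74ab8f0473abd56c9bc966703098259faee9c244e7a0348c0c6adc8cb454d2c3",
    "sha3_384": "06e70a740aff29443331fa9239931b44647d1ed13b04e5d76595d7bb41c0f7b9"
                "2908d5264f7e5d6baa19a30fc24d0fbb",
}


def compute_hashes(data: bytes) -> dict:
    """Hex digests of an in-memory blob for every algorithm listed in ENTRY_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ENTRY_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects in one pass (no full read into memory)."""
    hashers = {alg: hashlib.new(alg) for alg in ENTRY_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_entry(hashes: dict, expected: dict = ENTRY_HASHES) -> dict:
    """Per-algorithm comparison; case-insensitive because feeds differ in hex case."""
    return {alg: hashes.get(alg, "").lower() == digest.lower()
            for alg, digest in expected.items()}


def verdict(hashes: dict, expected: dict = ENTRY_HASHES) -> str:
    """'match' if every digest agrees, 'no-match' if none does, otherwise 'inconsistent'.

    'inconsistent' means the expected set itself is suspect (a digest copied from a
    different entry or mistyped): one file cannot match MD5 but not SHA256.
    """
    matches = match_entry(hashes, expected)
    if all(matches.values()):
        return "match"
    if not any(matches.values()):
        return "no-match"
    return "inconsistent"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        hashes = hash_file(sys.argv[1])
    else:
        # Constructed stand-in input; this is NOT the sample from the entry.
        hashes = compute_hashes(b"MZ" + b"\x00" * 62)
    for alg, digest in hashes.items():
        print(f"{alg:9} {digest}")
    print("verdict:", verdict(hashes))
```

Only the cryptographic digests identify this exact file. The imphash listed above is shared by tens of thousands of AgentTesla, Formbook and SnakeKeylogger samples, so it is a pivot for related stubs rather than an identifier, and ssdeep/TLSH similarity needs the `ssdeep` and `tlsh` third-party modules, which are deliberately left out of this stdlib-only example.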

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-15 18:58:00 UTC
File Type: PE (.Net Exe)
Extracted files: 3
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: AgentTesla
File: Executable exe, SHA256 74ab8f0473abd56c9bc966703098259faee9c244e7a0348c0c6adc8cb454d2c3 (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                         Title                                            Severity
CHECK_AUTHENTICODE         Missing Authenticode                             high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (GUARD_CF)  high
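Both findings come straight from the PE optional header: CHECK_AUTHENTICODE looks at whether the security data directory (slot 4) points at a WIN_CERTIFICATE blob, and CHECK_DLL_CHARACTERISTICS looks at the GUARD_CF bit (0x4000) in DllCharacteristics. The Python below is an added example, not BLint's code: it reads those two fields with nothing but `struct`, reproduces the two checks above, and builds a constructed header-only PE32+ image for testing (the sample in this entry is not embedded).

```python
import struct

# Subset of IMAGE_DLLCHARACTERISTICS flags from the PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x4000: "GUARD_CF",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory slot for the Authenticode signature
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe_security(data: bytes) -> dict:
    """Read DllCharacteristics and the security data directory from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dd_offset = 96                           # data directories start here in PE32
    elif magic == PE32PLUS_MAGIC:
        dd_offset = 112                          # and here in PE32+
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+ optional headers.
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + dd_offset - 4)[0]
    sec_offset = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a raw file offset, not an RVA.
        sec_offset, sec_size = struct.unpack_from(
            "<II", data, opt + dd_offset + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "dll_characteristics": sorted(n for f, n in DLL_CHARACTERISTICS.items() if dllchar & f),
        "authenticode": sec_offset != 0 and sec_size != 0,
    }


def blint_style_findings(data: bytes) -> list:
    """Reproduce the two BLint checks from the table above as (id, title, severity)."""
    info = parse_pe_security(data)
    findings = []
    if not info["authenticode"]:
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    if "GUARD_CF" not in info["dll_characteristics"]:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (GUARD_CF)", "high"))
    return findings


def build_minimal_pe(dllchar: int, signed: bool) -> bytes:
    """Constructed header-only PE32+ image for testing; not the sample from this entry."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0022)  # x64, 240-byte opt hdr
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 70, dllchar)
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    if signed:
        # Pretend a WIN_CERTIFICATE blob lives at file offset 0x400, 0x200 bytes long.
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x400, 0x200)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, image in [("unsigned, no CFG", build_minimal_pe(0x0160, False)),
                         ("signed, CFG",      build_minimal_pe(0x4160, True))]:
        info = parse_pe_security(image)
        print(label, info["dll_characteristics"], blint_style_findings(image))
```

Two caveats when reading these findings on a real sample. A populated security directory only means a signature blob is present; whether it verifies, and for whom, needs a real check (osslsigncode or signtool). And this entry is a .NET assembly, where the managed compiler does not normally emit GUARD_CF because control flow is mediated by the CLR, so the missing flag says more about the toolchain than about the author; the missing Authenticode signature is the more useful triage signal of the two.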
