MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d3fa90e5406de233bac6088b8e17d4f9a3684f2320451e2a5ee9ddcf24896b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	7d3fa90e5406de233bac6088b8e17d4f9a3684f2320451e2a5ee9ddcf24896b4
SHA3-384 hash:	b4a09e450e4c41f9508d9dcf89c1d158e2797241bab8300d0c53e07a70d93b9537e90326afe7abd6f8a7752ef2437a9a
SHA1 hash:	a55279be6d3407bd5958ca12c91d76590cfc3ed3
MD5 hash:	ee38bb17f64c5b9ee7737fec3b5a553d
humanhash:	florida-berlin-hotel-montana
File name:	9ebd3f0786d345654d23e2a5b46f518c.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	299'520 bytes
First seen:	2020-03-26 15:28:10 UTC
Last seen:	2020-03-26 15:43:36 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	6144:rGjF2Lfxvfk78QQxVLKyWaqGwPhVI/+Px4o04PokCpX2bXoyT7:6Z2Lf1YjQFMrV/o0oyT7
Threatray	10'443 similar samples on MalwareBazaar
TLSH	6E542B7D2B88B902F73D193289D1266112F194834D22CB4F6EC41FFD7E5B7CA294A396
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=16hMimq1Y0istmMZ2IOgI7MGyJ1RhummA

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-03-26 15:36:19 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=pu72sdsua3pcgo5mmcelryl5j6ndnbhsgicfdyvf52o5z4sis22a._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

16323d4c8b9b81750381853fb6a76292694aba2e21a74e3bc31ca78f47da4a4e

AgentTesla

7038be512775198abba2218e0999002c5c9e871bbd14557c7c4fb7fcfca21dc7

AgentTesla

a5ff5a9fcf2feac3b12b670c556fc58801d487fa5a0a9221a5c6b57f6e57fe19

AgentTesla

b5182989a98103875c94a075dc77caf5999969da712ffad13327f3776aa040d9

AgentTesla

b7af5ae62cdefa53767c986467d3c41c7f50f52e4c06ea03ce261c778eff269b

AgentTesla

d3f256429b38edf61af7b34a0a0b888e9fdccafa03b339a08eef7084bcf50ca8

AgentTesla

e38df9c0ed07f3226d5a6d5325317c0598011a125f21dc7890e92f661dfd675f

AgentTesla

e900c3505d7f63d785fb86b4ee53ebd3def2d764f881d6015aa224ea59a098c3

AgentTesla

e9c66deea17bd72dd008c96d6ef671faa5ee2319f541100557093cff0bdc0dc7

AgentTesla

+ 10'433 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

49a31ff79556056b1a8a15ca231da53d0e88258854deb0a2d101fe216db0121e

AgentTesla

exe 7d3fa90e5406de233bac6088b8e17d4f9a3684f2320451e2a5ee9ddcf24896b4

(this sample)

Dropped by

MD5 9ebd3f0786d345654d23e2a5b46f518c

Dropped by

MD5 d72dad341f8ce5dd54edfb3b6d35fce3

Dropped by

GuLoader

Dropped by

SHA256 49a31ff79556056b1a8a15ca231da53d0e88258854deb0a2d101fe216db0121e

Dropped by

SHA256 fcea108d837ea3b6bc1383bebfcd5f8bce074b03d8df4a792342fec7702d8649

URLhaus

https://urlhaus.abuse.ch/url/328744/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample