MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8425c75594dede14f2b9c7810e6c8824c7666329eee6866beed84e1f7674bc70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8425c75594dede14f2b9c7810e6c8824c7666329eee6866beed84e1f7674bc70
SHA3-384 hash: 7bdabb389a5c59121ad3228cc817a719cb95e90a86fc42878fdf8a13f3734e3af0e90494fc209685cfd86cf258cbeb6a
SHA1 hash: ec57c22435b52246e278cf54100ef26efb146d26
MD5 hash: d7181ce8ff76671d99b0c544a658f083
humanhash: princess-seventeen-autumn-oven
File name:Cotización de productos anti COVID-19..........pdf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:458'240 bytes
First seen:2020-04-17 08:25:22 UTC
Last seen:2020-04-17 08:40:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 12288:9NEXtMEHW8DGgdmIg0zmnY5R7kJO4myNJnUiOv:aMEH3pdbynYs82NJqv
Threatray 857 similar samples on MalwareBazaar
TLSH 23A41209430D82BBCDAE877CB7A2A10147F8D115F6C2F7A16D9E58F9884F3D98A502F5
Reporter abuse_ch
Tags:AgentTesla COVID-19 exe


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: mvegypt-server1.mvegypt.com
Sending IP: 64.235.40.5
From: marketing@medicaldimegar.com.mx
Subject: Presupuesto para productos Anti COVID-19
Attachment: Cotización de productos anti COVID-19..........pdf.zip (contains "Cotización de productos anti COVID-19..........pdf.exe")

AgentTesla FTP exfil server:
ftp.motocoroneos.gr:21 (93.174.123.235)

AgentTesla FTP exfil user:
offshore@motocoroneos.gr

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.278.13852.10590.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-16 14:56:08 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qqs4ovmu33pbj4vzy6aq43eietdwmyzj53tim27o3bhb65tuxrya._file
Verdict:
unknown
Similar samples:
1c74ee33301b9e985ee7f8040f12678fff3743fc250cc04230e54a2150dcc642
AgentTesla
38c2603cbbeb9ee8216681d4def420dec1bb778379c850c168830d72dc7afaf9
AgentTesla
77642de174198cae37f2b0ce29eb087f138800df44a79bd0e589962e9fc64e36
AgentTesla
7d4ece884460b1bf17b3de45eaea64b28f2bee38e8e29265816d33f134873886
AgentTesla
917a439a351ee055fe06848482c69532a15a101f4ec2c2a6faad04a505547436
AgentTesla
ad1ba35ad3e67c158d68821fc80b9b2b016fd511f0a527279c3f7da6ae50d49f
AgentTesla
b0e38a8ec3125711431780be0140229b6389d3b60a3bbc7aa134cc33bcc50f9a
AgentTesla
d1befdea5b845b2f44b7b2202bdf3d9e09a26fda3287581db28af324c865cdec
AgentTesla
df54803a477f2cc519ec0a1643cf2f4a63b3b260b8a6f43372d733629f1f3b03
AgentTesla
f2dc1174c060668495a3835ca8af6c2c49c8539163c6913dce2f34b5f7e987c1
AgentTesla
+ 847 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f178d7b7e460aa3d432b781fe883115e9b5f02a58e367e1f10d731f7eb4b5eda

AgentTesla

Executable exe 8425c75594dede14f2b9c7810e6c8824c7666329eee6866beed84e1f7674bc70

(this sample)

  
Dropped by
MD5 4086b22bff72a3e7b27b8a8bdee6e712
  
Dropped by
SHA256 f178d7b7e460aa3d432b781fe883115e9b5f02a58e367e1f10d731f7eb4b5eda
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments