MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85566ab56e9e2e7899311dfd8b3308422026414d9e73af83580522852ac6d787. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	85566ab56e9e2e7899311dfd8b3308422026414d9e73af83580522852ac6d787
SHA3-384 hash:	16be1b676e88d736e91cac42caa4a0eb0419015d156ea07e0eed503d864b4372a1c175daf89c478890dc1ce29299b8ac
SHA1 hash:	6a520ba53b5704592de59b8a4c0b399ae55e8b12
MD5 hash:	c0249e3cd8a3009d711cafe2df5dd43d
humanhash:	oxygen-robert-snake-fish
File name:	fd2f7c6f5a15e9bf3da69784b6eb84b0.decoded
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	299'008 bytes
First seen:	2020-03-26 13:45:51 UTC
Last seen:	2020-03-27 02:27:19 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	6144:amNbvGjRGo7qXGLz7fhIa8Evf1uCojnlMbBbNoyTV:amNbvla4GjZH1oOoyTV
Threatray	10'473 similar samples on MalwareBazaar
TLSH	C3543A7D2F88B902FB3D1D3289D1566052F294834D12CB4F7EC41EEDBE627CA294A395
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=15SHNM45oBh2I6s3GaIoEDnPi3FcRKwfv

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-03-26 13:48:18 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=qvlgvnlotyxhrgjrdx6ywmyiiiqcmqkntzz27a2yaurikkwg26dq._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

216a6e8acfa930350c156cdc047088ab9bfb9cf1f490771293427f490daabe72

AgentTesla

628fb13f63d68b25083522f21c084fc565fd8fe57e05b95b35b76ac01fdbf5ff

AgentTesla

6d2a192146876a4cbd53960fa55a8fe002e2280ef94642f880980dcb9eb7f5b4

AgentTesla

7cf059a1d51541e4a746e4f8f624152801c40489e612bb46abd6a4bab26f6851

AgentTesla

89f5773de397e09275d7d02812ec937343e878030232964061bb6aafdea5ccde

AgentTesla

8f9706ae3291a23f41bcdc0b9248389d39480087c2394cc249d45f30619441c6

AgentTesla

a215c693d52db997e4a64d302f976d4bccac373250c5c29650fe199d86e6db62

AgentTesla

bf5ea94f9caf0f0db89ebbab1b2d022be6381423eee08d35afd2e14b465ea840

AgentTesla

de51c601d1757953b944489454503ebdb6e95d39e19e5fb13838741e46533dd6

AgentTesla

+ 10'463 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

exe d30f4ed99917a14353e7c981b527597931c9d7440e55173bb44dd6ac6317da95

AgentTesla

exe 85566ab56e9e2e7899311dfd8b3308422026414d9e73af83580522852ac6d787

(this sample)

Dropped by

MD5 fd2f7c6f5a15e9bf3da69784b6eb84b0

Dropped by

MD5 2a189cfcf8a581e6b7b1ad530d8aec59

Dropped by

GuLoader

Dropped by

SHA256 d30f4ed99917a14353e7c981b527597931c9d7440e55173bb44dd6ac6317da95

Dropped by

SHA256 082cf664448ae5d0f42b4118d84209563cbb32b8fe3df3fef93f27dd4115ac56

URLhaus

https://urlhaus.abuse.ch/url/330439/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample