MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c2695b65c0ea7738435c45b8534c7f4c41d326ce50156a645872137ac1a6986. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c2695b65c0ea7738435c45b8534c7f4c41d326ce50156a645872137ac1a6986
SHA3-384 hash: 02fa1b1106f1e20bffc1cb812c1d1e9d7a2c01ea72de058d16060743279577d3f2087d52e2b5738f969b751c5e981bb0
SHA1 hash: 1f5b7409070dd864ff58e049b1c52450d66a2d5b
MD5 hash: d35815e3d18851abe5b317f42cf3912b
humanhash: avocado-paris-moon-mississippi
File name:fr.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:299'520 bytes
First seen:2020-04-06 14:05:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:BbDmhVMgGpbNzGVgOJ9p0HkiGcJd8xI++Y7bAGO8:hmC8Rm+2GO8
Threatray 10'552 similar samples on MalwareBazaar
TLSH 3B543BAD6B98BA02F23D1D3245D5522512F1D0838E13C34F7FC49BE87E717D92A8A396
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 13:47:49 UTC
File Type:
PE (.Net Exe)
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rqtjlns4b2txhbbvyrnykngh6tcb2mtm4uavnjsfq4qtpla2ngda._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0f75f6670487368f4ba9f5cf419f8f96433a2c4176bd2d07c4a12d0c83963abb
AgentTesla
1bc624619190f4f4737d9041e58e297834dc6a26d063bb06a037fcb117390e0d
AgentTesla
26f12a10101a50fc8885e3a60fac8e0257da43c5a83cc7b104e767aa5dbc3f3d
AgentTesla
2dc17476d3fd11bd7a844bf4e4f5b96b0784ce7d3376b8b8b02d408a4edbd772
AgentTesla
582bf260dc96b5750a763e24d89ee3c2fba8367d17c24644d15174df0fc39bb3
AgentTesla
6c731b9e623222de40d78c857573d713bafce156a4b42dd445a840fddfe585be
AgentTesla
92891933f5cd5e261f775149ca28b09ac1470b28a5d42d533ab5ed1712c18229
AgentTesla
9d2a8b10360c33870703b79c4b9a102b3881b9d903870f5f9863c5e61e1c132c
AgentTesla
ba5033938940bfc09e87ad5e2adda522d816c7014d818d65fc07c335fd3a1630
AgentTesla
d77d7298cf6f8d15655ced4042c5057b12ca79fed15052bca1573ea5ad084bdf
AgentTesla
+ 10'542 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/335771/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments