MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f9706ae3291a23f41bcdc0b9248389d39480087c2394cc249d45f30619441c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f9706ae3291a23f41bcdc0b9248389d39480087c2394cc249d45f30619441c6
SHA3-384 hash: 9c8d91b5d26dc13ce87ef973f5bd0070d153608a899fce7f30457fec81686199a07341840c5127fe8d6fb484eb1eb421
SHA1 hash: cec713c0e21e47b243d197c8ecd6df8585618810
MD5 hash: 58c1934f80acea96c09e1c15bfc093ae
humanhash: missouri-golf-march-magnesium
File name:da96666f30e5e9b0c1236ea6b93300ba.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:298'496 bytes
First seen:2020-03-26 15:49:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:fvBSNXAll0he2jyc+tQbaEmgGZ3ZobOxLETJFLF6ENbBouTV:fvBz0hnj7UciaTnLFrouTV
Threatray 10'387 similar samples on MalwareBazaar
TLSH DD54197D2B88B902F63D193389D1766092F194834D22CB0F6EC51BFD7F527CA284A3A5
Reporter abuse_ch
Tags:AgentTesla exe GuLoader


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1LUtWF1eVgVeJli510btkfnkidzJsZkea

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 16:36:51 UTC
File Type:
PE (.Net Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r6lqnlrssgrd6qn43qfzesbytu4uqaehyi4uzqsj2rptaymuihda._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0dad541bfb58986d8e53cf1ebb05c9eced195bc4971283098f8459670545682f
AgentTesla
36f23217058d61b401b63cfe41e8a7ccc1f5525a3f6b0c57800fda8403429fb6
AgentTesla
577c53f979f75e226ccd9908f2aebb38fe38667a53509565ae906b5a6bfdce28
AgentTesla
652408958600d63469d0ca6534e7c223f9d3794267fe49fe5e924e28b3dbd0d9
AgentTesla
9a8948340515796c4fe204849492d03184034350e2e28c1e34beba51a9b960cc
AgentTesla
a215c693d52db997e4a64d302f976d4bccac373250c5c29650fe199d86e6db62
AgentTesla
b72906cf963bcf4115a7d436a4768e76597524faf4a12f60fa42c2d59346b7bb
AgentTesla
d019817ea685d2263a332bd4dd3b95ea750ce42f0834ea7c6464c2b7328b8ed8
AgentTesla
dedf36514df689bf45199f4637020acf6f800ccdca2f8558b96973ed6298b72b
AgentTesla
dfca8cf09994229afec678b5c279d247e3e69c45f2878f816025b4933f3bc3b0
AgentTesla
+ 10'377 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

96c395397d940e77a1de66fd982a76b7e9a5430297abeefb471e0f77c5d9986c

AgentTesla

Executable exe 8f9706ae3291a23f41bcdc0b9248389d39480087c2394cc249d45f30619441c6

(this sample)

  
Dropped by
MD5 da96666f30e5e9b0c1236ea6b93300ba
  
Dropped by
MD5 7cccebc4d2368fd5857dcd59051b619c
  
Dropped by
GuLoader
  
Dropped by
SHA256 96c395397d940e77a1de66fd982a76b7e9a5430297abeefb471e0f77c5d9986c
  
Dropped by
SHA256 bf62c04e8739215c792d5719b2ec01965eaeba30451fd49e5b0653893923fab1
  
URLhaus
https://urlhaus.abuse.ch/url/328951/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments