MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 903ceb802bdb0a58f173f1d9e369d10fc14378232400dc2cb0d14377c5f4a4fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 903ceb802bdb0a58f173f1d9e369d10fc14378232400dc2cb0d14377c5f4a4fe
SHA3-384 hash: e938ff2f8808bfe8f7306f5cc91927ac3b7599224e5799fccbf8397d94096f86224a10f81cd89b05d9181b58caa29ca9
SHA1 hash: 8047234b2b615b95b2ffd7645bd96d40374aea74
MD5 hash: 940457b95d88466e92133669ef63c02f
humanhash: ink-zebra-august-emma
File name:COVID-19 UPDATE.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:393'216 bytes
First seen:2020-03-30 11:23:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:4v5bSaVjMp4zMotmlpsmYC+zVbUmkoGhJm0U6mHPOWLXbEA1fd0zx7VOabWGjXuh:4kaVQp+M+mlKPVhUmkdJm0U6mvOWTrCq
Threatray 85 similar samples on MalwareBazaar
TLSH 8F842323B7D9940FCE5D107CFAB16BE1B7F866263401F2D46EC12560ADA73C44A43ADA
Reporter abuse_ch
Tags:AgentTesla COVID-19 exe


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: simplecity.sa
Sending IP: 185.118.166.15
From: El Fadil Omar <fadil@simplecity.sa>
Subject: Customer Advisory - COVID-19 UPDATE
Attachment: COVID-19 UPDATE.zip (contains "COVID-19 UPDATE.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.42904878.4232.28072.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-03-29 23:30:43 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sa6oxabl3mffr4lt6hm6g2orb7aug6bdeqanylfq2fbxprpuut7a._file
Verdict:
unknown
Similar samples:
087697d241c62f0668f25caa7c739611b4ab1ff5ff7fba466757e67aa5e3a608
AgentTesla
1a7fe9f45a80c2dae0237cc9aada201d3fa5eca08bfbc297e48f22faa35f131e
AgentTesla
420d2d11f2a47d6001c52c27be90bb4c1221242af9b5c44381d0012e84aa75b3
AgentTesla
4934d33a7f00d07cd8c4eeb39889b2089decc7274ab7fdc647fc28f21b0ad7ec
AgentTesla
4b8b49bdfa435d0faba2e3964b04e20bbfc86aa4ffc3c3b8e1449894892f125b
AgentTesla
5ca99517ae76972d3dab6e51515a57e15e75e7bb7c3a7e16228f770fcc7833e9
AgentTesla
80e321d63e5c084fbd8c213f315e9eb7e56b7fffdbeb48c2c35f9e172bba9c36
AgentTesla
af090158e0913e0202e9e61d41dd891e697e1b2bfa59cdda2c81da1067ac5e79
AgentTesla
c48ab81f93ccd69c6d2b796cb4f431db97179480bf6251b715347b0b32dd500e
AgentTesla
fdf384c1cbcfbcd1bbb814f9d80ddcc4d2b3c786fda29c3a48ef7cde8f08d78f
AgentTesla
+ 75 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 1daab6a36a1212d57325398a9745761bc0d5dc95309d16bfef2ed7128738fcbb

AgentTesla

Executable exe 903ceb802bdb0a58f173f1d9e369d10fc14378232400dc2cb0d14377c5f4a4fe

(this sample)

  
Dropped by
MD5 f4119abc3fd5addda5b09f3955692038
  
Dropped by
SHA256 1daab6a36a1212d57325398a9745761bc0d5dc95309d16bfef2ed7128738fcbb
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments