MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f087cc15d7f6f69f46563b5e58ca6141d4687beeec5230f6cb11dc3ae52f1cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f087cc15d7f6f69f46563b5e58ca6141d4687beeec5230f6cb11dc3ae52f1cc
SHA3-384 hash: 1a06793ad0dafa0f8273e2ea809989931d2c8c57f610b977b7a86f254aaf1d1197277bcbd6b6b6a2a8725e444b37ef7b
SHA1 hash: 0b89ae69f11d45b4631c7945d6aceaca4f5a2bf2
MD5 hash: ab0ef36f5e8c5d80fd548e85340cfd10
humanhash: autumn-nineteen-ink-seven
File name:pov.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:299'008 bytes
First seen:2020-04-06 14:05:31 UTC
Last seen:2020-04-06 17:32:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:nsqbiVcN0Pp3Vg8hKDjbmBrdT8jqD5SZ6Lj09oOK44I++p8b+kOu:sqbiVUIm8hKud4ZKMol4DkOu
Threatray 10'540 similar samples on MalwareBazaar
TLSH 61543AAD2B88BA02F23D0D3685D5132422F1D1878D22D75F7EC84EE87F617D9394A396
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 06:47:16 UTC
File Type:
PE (.Net Exe)
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t4ehzqk5p5xwt5dfmo26ldfgcqounb5653csgd3mweo4hlss6hga._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
04fd9df0e5ec9e9f2ddebfa497adbe3c57876dd52d8b778cee3701f21cf02986
AgentTesla
086131bf031aeeb372e3cdd11208f308854b5fc52e68186f738be9cddd01c032
AgentTesla
2b5d96d018098da5990f2d6d721ab925efd4422c13cccf031775b6fddd5f801e
AgentTesla
50d83791145d6b09c47fc90279d568bff571181c97d9dad9ab63c3e9c9b935af
AgentTesla
56f2c7b9d0efa06b177d87a0617b2a4ccb000d72599d046e3cc014628a4ca497
AgentTesla
66178c5a45af58b7b0710d3867d501cbef090c10817fd1ebf5555477c2c32098
AgentTesla
76a9e5adfaa09f62bf8ec4902614b0224938a1ba93ec5af755629ff684b51278
AgentTesla
8433ac6d87185d65251a833f4f37ac4095395d2751da1ff95e8d9d4e53656480
AgentTesla
859efa73b4cce2a53a6d720f2b8d0404184afb3961ac63dd3abd1d15244c84b0
AgentTesla
f150b76e622e7da135e3d47a20c424aa20a6efeb839b15d301c17233bdcbc9f4
AgentTesla
+ 10'530 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/335773/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments