MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1
SHA3-384 hash: c77034c9be80e241bcccfa6dd8aeb6aeda3212a303c5cb6897891d9a8ce09e4a5a81802358a5421b9affd39d5442acf9
SHA1 hash: 17e4e9a6fa4e1c3722ac7f6932b2a5d701ef93aa
MD5 hash: 6dc4fcb91de5702b0759de0a215706ff
humanhash: white-hydrogen-comet-kentucky
File name:HV6XpeKt.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:52'224 bytes
First seen:2020-03-16 03:42:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 768:ZyvAzclOnLcYKzqsD/dfg4klJYSOOMqaq4PTzhLQZAcO1S0YV2T:aAIlWcYKzqsDVErvaRThQZAcmn
Threatray 93 similar samples on MalwareBazaar
TLSH B333D9027B878712C8EC09BA40EB752113F09FCF5333D64D2E9C669D6A52393AE597C5
Reporter johannes
Tags:AgentTesla RevengeRAT


Avatar
viql
revengerat via https://pastebin.com/raw/HV6XpeKt

Intelligence

File Origin
# of uploads :
1
# of downloads :
280
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6332612-0
Create hunting rule

Win.Trojan.RevengeRAT-6690354-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-03-16 08:59:00 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
3764a8690d829b849cc82babfb6dc75a3b6f812e46d3d9535c380c187534094e
AgentTesla
460cca0f6a1acc665e76da5539844db4fd042761cbe9641a2b9fb663a322a3ab
AgentTesla
7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da
AgentTesla
d74f9f54c19ff7ec1301b84bc72ee2b143c94db7b56c88b4c660cb7abcd7b513
AgentTesla
d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4
AgentTesla
e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b
AgentTesla
e44ea6095036b15910c82941c0c3af5178687d3deeb9954adf9967cd833b9349
AgentTesla
e72478765908b84f150ef0b7e895cfca0780a9107de6cf819ec5715f6f179acd
AgentTesla
ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761
AgentTesla
edcf2ab0937689a7e0475395a8654f874e413649ee63100e61c4d1a8c09ba681
AgentTesla
+ 83 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://pastebin.com/raw/HV6XpeKt

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments