MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4
SHA3-384 hash: e104b70a3d0eaa34dc017abcb2efcbd49e518e1e58177bf4cb22ff9a61b434859b2f68f899e27e3c909397e0eebe68fd
SHA1 hash: 45bdcdedb99ce9e62b7d0efc44eaa99a72ad12ce
MD5 hash: c5a86a4a3099d907967d739d5d6f5436
humanhash: speaker-robert-salami-princess
File name:file
Download: download sample
Signature AgentTesla
Create hunting rule
File size:51'712 bytes
First seen:2020-03-02 06:02:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep 768:y+TAzHlOIE0B/qDuS2BptfCGLnd8MxVs8+HYbXEvvmVrIS0Ss2T:jA7lO0B/qDCLnd8GVs8+44vvmVUn
Threatray 93 similar samples on MalwareBazaar
TLSH AA33C712779B4712C95C35BA40DB312013F597CB5F33D54A2DAC06EEAF223A39A46BC9
Reporter johannes
Tags:AgentTesla RevengeRAT


Avatar
viql
revengerat via https://pastebin.com/raw/E92vemGs

Intelligence

File Origin
# of uploads :
1
# of downloads :
267
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.RevengeRAT-6690354-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-03-02 12:34:00 UTC
File Type:
PE (Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
3764a8690d829b849cc82babfb6dc75a3b6f812e46d3d9535c380c187534094e
AgentTesla
460cca0f6a1acc665e76da5539844db4fd042761cbe9641a2b9fb663a322a3ab
AgentTesla
7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da
AgentTesla
a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1
AgentTesla
d74f9f54c19ff7ec1301b84bc72ee2b143c94db7b56c88b4c660cb7abcd7b513
AgentTesla
e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b
AgentTesla
e44ea6095036b15910c82941c0c3af5178687d3deeb9954adf9967cd833b9349
AgentTesla
e72478765908b84f150ef0b7e895cfca0780a9107de6cf819ec5715f6f179acd
AgentTesla
ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761
AgentTesla
edcf2ab0937689a7e0475395a8654f874e413649ee63100e61c4d1a8c09ba681
AgentTesla
+ 83 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments