MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b
SHA3-384 hash: 5792dab2710195f7c68874865f11c1031054aeb6e382fc86f397cf8b69aada558e172190895df76653093f03cb9a8279
SHA1 hash: ca0948ef0ac09abe74409996abade78592128e83
MD5 hash: 3cfb260d783d250ec61b882d880a41df
humanhash: ceiling-alanine-foxtrot-wisconsin
File name:file
Download: download sample
Signature AgentTesla
Create hunting rule
File size:51'712 bytes
First seen:2020-02-27 19:11:17 UTC
Last seen:2020-02-27 19:13:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'652 x Formbook, 12'246 x SnakeKeylogger)
ssdeep 768:XxxCfAzxlOqnXajqSfhr/o82djYkMPu94UIk5TdKi9Y+UP4S0uvisb2T:oA9lzXajqo6qQTB9Y7Qnuvis
Threatray 91 similar samples on MalwareBazaar
TLSH 1933B712774B4712CA5C15B980DB342113F59BCB5B33DA4B2EAC02DD9F22393AA56BCD
Reporter johannes
Tags:AgentTesla RevengeRAT


Avatar
viql
revengerat via https://pastebin.com/raw/ZFJCu41i

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-6332612-0
Create hunting rule

Win.Trojan.RevengeRAT-6690354-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2020-01-23 22:16:00 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
3764a8690d829b849cc82babfb6dc75a3b6f812e46d3d9535c380c187534094e
AgentTesla
460cca0f6a1acc665e76da5539844db4fd042761cbe9641a2b9fb663a322a3ab
AgentTesla
7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da
AgentTesla
a324263f8734bb62ba035022d5533419994482ccd63f8adbf717ae52a9c2e6e1
AgentTesla
d74f9f54c19ff7ec1301b84bc72ee2b143c94db7b56c88b4c660cb7abcd7b513
AgentTesla
d85497f61b07d8f8cc30c3c66ab21883a0274c7a3e7bc982a3a622ca2eed39a4
AgentTesla
e44ea6095036b15910c82941c0c3af5178687d3deeb9954adf9967cd833b9349
AgentTesla
e72478765908b84f150ef0b7e895cfca0780a9107de6cf819ec5715f6f179acd
AgentTesla
ed5c6f06e459285fa5e621026be965558add0841e7426ecee6d3e41d5e9b9761
AgentTesla
edcf2ab0937689a7e0475395a8654f874e413649ee63100e61c4d1a8c09ba681
AgentTesla
+ 81 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-lemjvrd6f2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments