MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0d0e3f9a28df777219c7d6b73a45cbabba0de1b42878baab0ef1eacf5378c53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	e0d0e3f9a28df777219c7d6b73a45cbabba0de1b42878baab0ef1eacf5378c53
SHA3-384 hash:	3f40ee597062460cf85af0903104b7cd12831ddeaab68fefd4b77481fdea17a9e77f7e0a833729fcd3d2a07a414dd7fe
SHA1 hash:	e4edc6afb1116fd4a3e017c90a093cd5448e7559
MD5 hash:	5d3a1586b35c940d8cac02963e0d814e
humanhash:	maryland-nevada-edward-virginia
File name:	E.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'133'568 bytes
First seen:	2020-04-14 20:40:27 UTC
Last seen:	2020-04-27 13:56:03 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	24576:ZnRDOjeT6VxS/RKBS16ATUAVMbWXEQwl5beU07X5HTolER1YBRl/A4/ElRb:Zn5UeTcS/RKBS16ATU4MbWXpI5beU079
Threatray	10'525 similar samples on MalwareBazaar
TLSH	103545BB4E6550C2F37A3AB90CDA7D8BD3B055EE3D8067C6D19C5BE928522870786730
Reporter	Racco42
Tags:	AgentTesla exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.KillProc2.7660.19330.20490.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2019-11-14 01:12:00 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

24 of 30 (80.00%)

Threat level:

2/5

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

345ef8849cbe5eef544828b73480fdd7f64e2dea39c2764d5a7491878755118c

AgentTesla

3cad8abfd66f6df4932c89a68f71e666568d74cb9260b05984294d1675e2d838

AgentTesla

4297b0f564c12f9b864cb9c48b6b408ca13349dcc557c3243fe398d4921a8a8b

AgentTesla

4850ce25c3caf99fc7f558ec6666d08c43d69ed4e1be9a8fd37f289db69561ab

AgentTesla

6256fe79b4bd8870fad4957cc03909d12e6bce104e37bd86a472f3cb13a5acfd

AgentTesla

7a3ccb191798f72fb41fb65d66efe2ffc82c848bf1a6d96738a4834a51d71761

AgentTesla

b5633218ddae3b49aec89824e1032e4826fb8504d39b64b3dbe1b2ff59d38f56

AgentTesla

b6921871cfac8b6c36204546606439b67a55077cff2b4848c95ead0c06495bf4

AgentTesla

ea2e7ec387cf91e0ad3d44c01b25adc702061e93b66d21f8b3dd1eab812045f9

AgentTesla

+ 10'515 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

exe e0d0e3f9a28df777219c7d6b73a45cbabba0de1b42878baab0ef1eacf5378c53

(this sample)

Delivery method

Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample