MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec849a605c6a400f95f039d26d3cd3774d1c5548c05e9ca4ed477346eb49de78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	ec849a605c6a400f95f039d26d3cd3774d1c5548c05e9ca4ed477346eb49de78
SHA3-384 hash:	4b2d5dcb1fc8716d7a5c8f9a781c912ab072493c45ed94b1708a5a587274cb9310db1b2be023d9399912f8ea7f653460
SHA1 hash:	23a05bd888de226aee4c4739e03579c6a9d21199
MD5 hash:	b45610a7fb390c6b220b9ab9e061a29a
humanhash:	venus-lithium-vegan-nine
File name:	a19e4782f22d9d63a0fcbfb580ba3531.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	297'984 bytes
First seen:	2020-04-02 07:10:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'649 x Formbook, 12'245 x SnakeKeylogger)
ssdeep	6144:t/AIe5LQ9/HP4fX7vmP9wKAquW6EZbPoaTV:tYIoLvSRdoaTV
Threatray	10'712 similar samples on MalwareBazaar
TLSH	A2542A7D6B48B902F73D5D3249D1166012F295834D22DB0F6EC81FED7F6A7CA284A386
Reporter	abuse_ch
Tags:	AgentTesla exe GuLoader

abuse_ch

Payload dropped by GuLoader from the following URL:
http://office-updates-index.com/max.bin

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.AgentTesla-7426372-1

Win.Malware.AgentTesla-7660762-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Autorun

Status:

Malicious

First seen:

2020-04-02 07:35:45 UTC

File Type:

PE (.Net Exe)

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=5scjuyc4njaa7fpqhhjg2pgto5gryvkiybpjzjhni5zun22j3z4a._file

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

1c1130ce3271a9e6274359dff31e8ee2f6c976e6df1e494dfdaac3b8f9a2b605

AgentTesla

2ae247545c4291da9b83ad9ba0c6af00bd80c896a3fb9fafd028e09444bf3baf

AgentTesla

6de7efc9e04cb4db0acc603a7ed700b186d0545acd0e8e84a1d8cce668202dc8

AgentTesla

74ab8f0473abd56c9bc966703098259faee9c244e7a0348c0c6adc8cb454d2c3

AgentTesla

a6d937290d2d478dbb5ac269b00586d6e2b1d85e667bb137d1b883f6006bd0d6

AgentTesla

b27fd2cbe483e550851bc677136273b638ca49ac2bf58e64e51ca1db6763f387

AgentTesla

bce1f7597dcac5d3744d485142c06a71b60eb246a4f5e97bc41848150a822215

AgentTesla

db4b3a6973d72cc85732f69e9b81d544df409c5c1a518081fc04b13457807c3a

AgentTesla

e469882fa707c3f2f85c8bdd5fe250434f3fa5169ee71f8132dce99296b99629

AgentTesla

+ 10'702 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

GuLoader

exe 79c02f862d1c71aceecaff12e89133da4dd8874c19d6a8ee882260b795aae16b

AgentTesla

exe ec849a605c6a400f95f039d26d3cd3774d1c5548c05e9ca4ed477346eb49de78

(this sample)

Dropped by

MD5 a19e4782f22d9d63a0fcbfb580ba3531

Dropped by

MD5 a8ad81e334125f152e4a8faaeb82fcb9

Dropped by

GuLoader

Dropped by

SHA256 79c02f862d1c71aceecaff12e89133da4dd8874c19d6a8ee882260b795aae16b

Dropped by

SHA256 37f0846404ec9156d93c1eb3870d9055174112454b79fae7f5f877ce57cacbf2

URLhaus

https://urlhaus.abuse.ch/url/333833/

URLhaus

https://urlhaus.abuse.ch/url/334055/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample