MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff52fe7d07c4f4c02633b6412aecd9e5a27a591d27155a6448e6044c33b8f194. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff52fe7d07c4f4c02633b6412aecd9e5a27a591d27155a6448e6044c33b8f194
SHA3-384 hash: d92098776ec04cd3639d95af391fee4b52462aeb015defdb507d4a572878d4a61434465847abe5ef703c7a4443fab604
SHA1 hash: 2969f255ed378e85ec829b8014e34417a525bc47
MD5 hash: 264d328735f583080e6990104abf8e89
humanhash: tango-blue-mockingbird-arizona
File name:elb.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:301'056 bytes
First seen:2020-03-23 20:48:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:nbsYNA8IeVXhMDXSfxmlxhNeEZIolLmcLobZoaT7:n1NA8I2YXSQj/mM+oaT7
Threatray 10'511 similar samples on MalwareBazaar
TLSH 9A542A6D2B88B902F63D5D3389D1266056F1A4834E12CB0F6EC81EFD7E537C96C4A396
Reporter cocaman
Tags:AgentTesla COVID-19 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7426372-1
Create hunting rule

Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 03:21:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
29 of 31 (93.55%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=75jp47ihyt2majrtwzasv3gz4wrhuwi5e4kvuzci4yceym5y6gka._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
00cf9f1f71d204af2c96bebfd9b269dd387be2f2e61a3efd008cec0744f5e007
AgentTesla
060163be3a5a8a3c01b812b493cf37c88542825b6155c5dcd1469f8ea6533791
AgentTesla
0dad541bfb58986d8e53cf1ebb05c9eced195bc4971283098f8459670545682f
AgentTesla
268016b6a5ef2e4488d899815b0d2b24c95a99e4b4fed5c946a4e1d947f5c26d
AgentTesla
5ecfea430f1801299be4a50346c041ba396e4b7e30f635f7ec579ebf56328d80
AgentTesla
870fe6b4452b111da70a75632e46487b3ddfb7a247fc8a4ec6a727089cef49c2
AgentTesla
a1adc016843b4ca4e6b792883fb3d25072275d1213eec5c16a9940653b9a7508
AgentTesla
a215c693d52db997e4a64d302f976d4bccac373250c5c29650fe199d86e6db62
AgentTesla
de51c601d1757953b944489454503ebdb6e95d39e19e5fb13838741e46533dd6
AgentTesla
e0e9dc6044a68060a3eac5b522383c51d65e1720ff209aec58ad55dd49213f59
AgentTesla
+ 10'501 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Word file doc bf3e6298662aa3e82d2b005d3199c24695f18067e9098ae976e6eab630dcb883

AgentTesla

Executable exe ff52fe7d07c4f4c02633b6412aecd9e5a27a591d27155a6448e6044c33b8f194

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 bf3e6298662aa3e82d2b005d3199c24695f18067e9098ae976e6eab630dcb883
  
Dropping
AgentTesla
  
URLhaus
https://urlhaus.abuse.ch/url/328745/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments