MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fffef10b9e3db99c874f8b9dd3bb8bd7adaf829b75d4e6f28ebacd5755b633d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA 1 File information Comments

SHA256 hash:	fffef10b9e3db99c874f8b9dd3bb8bd7adaf829b75d4e6f28ebacd5755b633d7
SHA3-384 hash:	d047d332b755c19b735b1960995d84b2ed3d011b164e2d19dc3c953f5364490e17ada3f8cf22d9000037b14dbd95917d
SHA1 hash:	e3b5b79cf1b53a37abbbd37dd74443334bbb2151
MD5 hash:	3312ad02b4a167fe8fd541105833bf46
humanhash:	louisiana-vegan-pennsylvania-oven
File name:	Consulta_de_cotizacion.pdf.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	438'272 bytes
First seen:	2020-04-30 07:34:34 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6c30ce1801dc1c1bfcfa3795668be4b6 (1 x AgentTesla, 1 x Pony)
ssdeep	6144:LaGKJpWdFr104RUqJ1+tCaz+7rRZdRpaAS9ZvczTfpVBP+pMQV1Jw0PENq0:L4i1nR91+tCazsPS9BczTfoV1JLb0
Threatray	9'745 similar samples on MalwareBazaar
TLSH	1794014B9DABC0F7EEE88474CA6898FB11B0694F3C0AAB7A0D5F15875530D87C9D07A1
Reporter	jarumlus
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.VBGeneric-6959096-0

Gathering data

Threat name:

Win32.Trojan.Vbinject

Status:

Malicious

First seen:

2019-04-30 11:16:59 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Verdict:

malicious

Label(s):

agenttesla

AgentTesla

293bf5eeec6d5d30ee3b3d26f73d6cb81f4e080a449774fc8d2c3a724454f521

AgentTesla

363755d7a78e52ae1314c7c4a485048269a9680e93bc4cb82098ca6139bfd912

AgentTesla

4eb165d0adad5be9d9a4470eb3760a991c4ae1ae52ee2fe349851d1b50aaff53

AgentTesla

5bd645a7783a25d2caa48ee448ad1e47c00ae25e5a7fd9b304ad9422e9e79fd5

AgentTesla

6ad1ca30615fb9469d7b0d254d14964f4dabf786f2f9096d77c0e2e5dbf600b9

AgentTesla

a0b79027a9be52eb4ce47d8c9bc4f75ea4525483c3c4a437f286e24f2762687c

AgentTesla

af504337b51f5fb5bcc3c779afc95bf5b167431660ebd8b71fcfdff1ec9e227a

AgentTesla

cd4df0af062e1b998ecd50c9262ba2f2de9fb9fd300a7fc2596ecd3f4f5f224d

AgentTesla

e6e2a0f4f64aa78699c8e7e56f33c391d085e655a8a0579f5fa43c42cd580ca7

AgentTesla

+ 9'735 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	win_blackremote_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::EVENT_SINK_AddRef

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample