MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d242744cbee7249a48505d1447d984e9c912b904be4ea3dcccd07602ef5264d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6



SHA256 hash: 6d242744cbee7249a48505d1447d984e9c912b904be4ea3dcccd07602ef5264d
SHA3-384 hash: 4019faea9f910736752a38db353136fe45c665e87187306f0c8e211d7a44d22503ef3e71144dcf7308d25579f09d19d9
SHA1 hash: e71b78e77ae3ba0f33488859e1c320feeff6a279
MD5 hash: 8b760973b87523feb5db31e3d0a87408
humanhash: don-bravo-solar-summer
File name: DHL Require.tar
Signature: AgentTesla
File size: 3'002'880 bytes
First seen: 2025-09-17 09:50:54 UTC
Last seen: Never
File type: tar
MIME type: application/x-tar
ssdeep: 49152:nBvI/FoTrGx09mRAAB4S5grkaXSaxgJ1uyutElNhvN:NXTrG9AHIak
TLSH: T100D5AD16E3E806A9D52BDB74CAA59332E77078425730D18F0659D6492F33EA09F3F722
TrID: 62.9% (.TAR/GTAR) TAR - Tape ARchive (GNU) (17/3)
      37.0% (.TAR) TAR - Tape ARchive (file) (10/3)
Magika: tar
Reporter: cocaman
Tags: AgentTesla DHL tar


cocaman
Malicious email (T1566.001)
From: "phcg005@bdpouhung.com" (likely spoofed)
Received: "from bdpouhung.com (unknown [213.209.157.220]) "
Date: "16 Sep 2025 12:00:41 -0700"
Subject: "Balance materials ~BY DHL Require"
Attachment: "DHL Require.tar"

Intelligence

File Origin
Uploads: 1
Downloads: 67
Origin country: CH
File Archive Information

This file archive contains 12 file(s), sorted by their relevance:

File name: A DHL Require.exe
File size: 24'352 bytes
SHA256 hash: fb35144df4ed1931f314d2b0473715ae34766939f7fa663849ea2d0633313ccb
MD5 hash: 488082e4c5d97d5e9a7bfd12a7aacfdb
MIME type: application/x-dosexec
Signature: AgentTesla

File name: api-ms-win-crt-heap-l1-1-0.dll
File size: 14'624 bytes
SHA256 hash: b08141eac5cdced3b41d93548999c823abcda9ecdbc65485c76b42b355bfe8b3
MD5 hash: 5ee2d87606ee80761d53e8ff5a75ced5
MIME type: application/x-dosexec
Signature: AgentTesla

File name: api-ms-win-crt-string-l1-1-0.dll
File size: 19'744 bytes
SHA256 hash: 7f91276f1212bf639802dde65c382709c0ff6f97677f3caf8bd9430203314d41
MD5 hash: bd8905f8ac58c6cc98a160fb2a82deeb
MIME type: application/x-dosexec
Signature: AgentTesla

File name: VCRUNTIME140.dll
File size: 98'592 bytes
SHA256 hash: 2a4b0fe6185aed1863d17f243d5466cf517c064d708ecd5897591c9550541b7e
MD5 hash: 40b9c07608a5c34f89a8030aa99de17b
MIME type: application/x-dosexec
Signature: AgentTesla

File name: api-ms-win-crt-math-l1-1-0.dll
File size: 22'816 bytes
SHA256 hash: b22448893c970efca2c46862879f8f43de0578f819efd5fe1b7a9ea8635c74a8
MD5 hash: 3205c8c68a611601e2ae98b6f8a13905
MIME type: application/x-dosexec
Signature: AgentTesla

File name: api-ms-win-crt-filesystem-l1-1-0.dll
File size: 15'648 bytes
SHA256 hash: d22f987c57546b9188da7693b779a7dbffd4a985ca57e9cca30baf6a2ae3403b
MD5 hash: 6355f32352244b17e171d64bab6fcff8
MIME type: application/x-dosexec
Signature: AgentTesla

File name: api-ms-win-crt-stdio-l1-1-0.dll
File size: 19'744 bytes
SHA256 hash: 11f7ca7685cfd47138743f3d5d1da490a9a21bc274cf8ac0a7e2d4c878a2dac8
MD5 hash: 8a52261c24db6951e8909d80ef01d11e
MIME type: application/x-dosexec
Signature: AgentTesla

File name: api-ms-win-crt-runtime-l1-1-0.dll
File size: 18'208 bytes
SHA256 hash: f8b84bfd681137e06b1cf46fe5976da0e1c4e85f6f2892b6058c63ced77da2bd
MD5 hash: de59e0c8abc0e35eceb19db3218c56c8
MIME type: application/x-dosexec
Signature: AgentTesla

File name: api-ms-win-crt-convert-l1-1-0.dll
File size: 17'696 bytes
SHA256 hash: b08d316932079d211d23d3f960d24233738abb23a1424356f702071362533b2d
MD5 hash: ae4ee6706667bb2a7989abe8747c8cf5
MIME type: application/x-dosexec
Signature: AgentTesla

File name: jli.dll
File size: 2'470'912 bytes
SHA256 hash: da061f2bdb2a6d84d3e7d6b2045834655fe65418e9ad7281b4b689a3700dc003
MD5 hash: 093c389c132ff135e8a427790cbc9cee
MIME type: application/x-dosexec
Signature: AgentTesla

File name: api-ms-win-crt-locale-l1-1-0.dll
File size: 14'112 bytes
SHA256 hash: ff84a75af3f798d269ee1cc88b51729a9605846640271bf040dacea6ba6c6e8e
MD5 hash: 63021b6eae232ccb114b5e137e14f12e
MIME type: application/x-dosexec
Signature: AgentTesla

File name: api-ms-win-crt-environment-l1-1-0.dll
File size: 14'112 bytes
SHA256 hash: 795b6011722dd466aacd4ce617748522181168ed8f547740e9dfe5e5fdf3f33d
MD5 hash: 13e5eabc253d5d38ce0615f2a90062e5
MIME type: application/x-dosexec
Signature: AgentTesla
Vendor Threat Intelligence

Verdict: Unknown
Threat level: n/a
Confidence: 100%
Tags: expired-cert microsoft_visual_cc packed signed

Verdict: inconclusive
YARA: 2 match(es)
Tags: Executable PDB Path PE (Portable Executable) PE File Layout Tar Archive

Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2025-09-15 14:10:26 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 16 of 24 (66.67%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla discovery keylogger persistence spyware stealer trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Adds Run key to start application
Looks up external IP address via web service
AgentTesla
Agenttesla family

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerCheck__MemoryWorkingSet
Author: Fernando Mercês
Description: Anti-debug process memory working set size check
Reference: http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: Jupyter_infostealer
Author: CD_R0M_
Description: Rule for Jupyter Infostealer/Solarmarker malware from September 2021 to December 2022

Rule name: NET
Author: malware-lu

Rule name: pe_detect_tls_callbacks

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May contain (obfuscated or not) PowerShell or CMD command that can be abused by threat actor (can create FP)

Rule name: ThreadControl__Context
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Relationship chain: Malspam -> AgentTesla -> tar 6d242744cbee7249a48505d1447d984e9c912b904be4ea3dcccd07602ef5264d (this sample) -> b08d316932079d211d23d3f960d24233738abb23a1424356f702071362533b2d

Delivery method: Distributed via e-mail attachment
Dropping: SHA256 b08d316932079d211d23d3f960d24233738abb23a1424356f702071362533b2d
Dropping: SHA256 795b6011722dd466aacd4ce617748522181168ed8f547740e9dfe5e5fdf3f33d
Dropping: SHA256 d22f987c57546b9188da7693b779a7dbffd4a985ca57e9cca30baf6a2ae3403b
Dropping: SHA256 b08141eac5cdced3b41d93548999c823abcda9ecdbc65485c76b42b355bfe8b3
Dropping: SHA256 ff84a75af3f798d269ee1cc88b51729a9605846640271bf040dacea6ba6c6e8e
Dropping: SHA256 b22448893c970efca2c46862879f8f43de0578f819efd5fe1b7a9ea8635c74a8
Dropping: SHA256 f8b84bfd681137e06b1cf46fe5976da0e1c4e85f6f2892b6058c63ced77da2bd
Dropping: SHA256 11f7ca7685cfd47138743f3d5d1da490a9a21bc274cf8ac0a7e2d4c878a2dac8
Dropping: SHA256 7f91276f1212bf639802dde65c382709c0ff6f97677f3caf8bd9430203314d41
Dropping: SHA256 2a4b0fe6185aed1863d17f243d5466cf517c064d708ecd5897591c9550541b7e
Dropping: SHA256 fb35144df4ed1931f314d2b0473715ae34766939f7fa663849ea2d0633313ccb

Comments