MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 042a7c109c5b7465acba0dda0ef8b3bb8b5737085b7e1581ef164bca7f4426d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	042a7c109c5b7465acba0dda0ef8b3bb8b5737085b7e1581ef164bca7f4426d7
SHA3-384 hash:	0a378562b23d8ae7259e258e126d4ee656d36cb135bde164e7a99e2de7fbd773fbc99c7b8a0b38c4964d814e3f53a959
SHA1 hash:	bd28922d6fa5a57dd134fb9b00210eb49e1a9b9d
MD5 hash:	8733ccfa5f216a3719521711899a667a
humanhash:	mountain-enemy-gee-potato
File name:	nShipping Receipt.iso
Download:	download sample
Signature	AgentTesla Alert Create hunting rule
File size:	1'507'328 bytes
First seen:	2023-12-28 13:07:19 UTC
Last seen:	2023-12-29 16:01:23 UTC
File type:	iso
MIME type:	application/x-iso9660-image
ssdeep	12288:odKxnV/AyG2iNuOUd7LAGaE0tj79rcaxBdTq20GTnB9V1TjMj5FxS:odKj/w16ZAGkZ9rcandTqwTnB9VpMj5
TLSH	T12F65D43F5BBB192BCD76C2B5C7F48467B313D46B3111AA695AC6DF950302B8228C325E
TrID	47.7% (.ISO/UDF) UDF disc image (2114500/1/6) 46.2% (.NULL) null bytes (2048000/1) 5.7% (.HTP) HomeLab/BraiLab Tape image (256000/1) 0.1% (.ATN) Photoshop Action (5007/6/1) 0.0% (.ISO) ISO 9660 CD image (2545/36/1)
Reporter	FXOLabs
Tags:	AgentTesla iso

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

106

Origin country :

BR

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

Relevant files 1

File name:	2QPDLF3M.EXE
File size:	956'928 bytes
SHA256 hash:	c9c440aea8cb456e194c0659262cf6365f2e1a3d7c0b0324fbda6ef7db0e3ee4
MD5 hash:	bfe5f5e379a125683510eebd80512be3
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

context-iso packed

Link:

https://www.filescan.io/uploads/658d73356b1c2460460cf1aa/reports/383bfe17-f70f-4f56-903b-b8b41e2d6e17/overview

Hybrid Analysis MSIL_Kryptik.GVV.gen

Verdict:

Malicious

Labled as:

MSIL_Kryptik.GVV.gen

Link:

https://www.hybrid-analysis.com/sample/042a7c109c5b7465acba0dda0ef8b3bb8b5737085b7e1581ef164bca7f4426d7

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/042a7c109c5b7465acba0dda0ef8b3bb8b5737085b7e1581ef164bca7f4426d7/

ReversingLabs TitaniumCloud ByteCode-MSIL.Trojan.AgentTesla

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-28 11:31:03 UTC

File Type:

Binary (Archive)

Extracted files:

14

AV detection:

17 of 37 (45.95%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=aqvhyee4ln2gllf2bxna56ftxofvonyiln7blappczf4u72ee3lq._file

Hatching Triage agenttesla

Result

Malware family:

agenttesla

Alert

Create hunting rule

Score:

  10/10

Tags:

family:agenttesla keylogger persistence spyware stealer trojan

Link:

https://tria.ge/reports/231228-r2fd2shgg2/

Behaviour

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Suspicious use of SetThreadContext

Adds Run key to start application

Looks up external IP address via web service

Checks computer location settings

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/042a7c109c5b7465acba0dda0ef8b3bb8b5737085b7e1581ef164bca7f4426d7