MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1469a1d40499aa89afbd02aaf30d0801d324e6a33b42fd082ece97b3dcb4fc27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1469a1d40499aa89afbd02aaf30d0801d324e6a33b42fd082ece97b3dcb4fc27
SHA3-384 hash: f20b0e7be351c31222f92b5c186555fe13e6156de44b939795c277dba6015ec999b01d4e7042314cbc4c7418f39bd452
SHA1 hash: 7da2c386443861e0e438798d24f9d9c827460e30
MD5 hash: 2b64d89d5d01ad9b1eabc622c38690b1
humanhash: queen-fourteen-emma-lemon
File name:SHIPPING_DOCX_BL-018907-PDF.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:659'456 bytes
First seen:2022-02-03 07:58:21 UTC
Last seen:2022-04-20 09:48:34 UTC
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:6F7p3BQJFhwBnccBMYZ/SrH+kTIfZF8T/oOQevY7QLrJ:WQJFC0YZ6D+RFxOFY76J
TLSH T156E4F1A1F69A9581E52B9A3122757C41023B3EE39EC5DA19332CF2480FF77504F66B4B
Reporter cocaman
Tags:AgentTesla DHL iso


Avatar
cocaman
Malicious email (T1566.001)
From: "Shipment Notice <dhl@lgpartner.ch>" (likely spoofed)
Received: "from lgpartner.ch (unknown [136.144.41.143]) "
Date: "03 Feb 2022 03:29:59 +0100"
Subject: "Document Review"
Attachment: "SHIPPING_DOCX_BL-018907-PDF.iso"

Intelligence

File Origin
# of uploads :
5
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_pdf.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PUA.EmbeddedEXE-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1469a1d40499aa89afbd02aaf30d0801d324e6a33b42fd082ece97b3dcb4fc27/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-02-03 02:35:29 UTC
File Type:
Binary (Archive)
Extracted files:
30
AV detection:
19 of 43 (44.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cru2dvaetgvitl55akvpgdiiahjsjzvdhnbp2cboz2l3hxfu7qtq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/220203-jvf31aeed4/
Behaviour
Checks processor information in registry
Creates scheduled task(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Sets service image path in registry
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1469a1d40499aa89afbd02aaf30d0801d324e6a33b42fd082ece97b3dcb4fc27

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 1469a1d40499aa89afbd02aaf30d0801d324e6a33b42fd082ece97b3dcb4fc27

(this sample)

AgentTesla

Executable exe 19ea70b85d1e0c5c9c9ebb1f2412ee14b363da45f5ba68f7f8ea217fe6dcb975

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 19ea70b85d1e0c5c9c9ebb1f2412ee14b363da45f5ba68f7f8ea217fe6dcb975
  
Dropping
AgentTesla

Comments