MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 161d6e6f2c686fcd297b6f5d33132a6e32fd941392ce0f9496879c53c6729187. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 161d6e6f2c686fcd297b6f5d33132a6e32fd941392ce0f9496879c53c6729187
SHA3-384 hash: f151a63a1b0545f809c281d6c3ff3f8e5784b33f2da3b327f84909b353f49f26a1700ffb0af41ec2c3d3170126cef79f
SHA1 hash: 370b4b6f1a1c1c5132fe75cb498260b056c3e7cf
MD5 hash: 7424fd7de760180dbf1af53ca3352a3b
humanhash: vermont-alpha-mobile-london
File name:Payment copy-信息更新1012 大金替代料事宜.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:331'670 bytes
First seen:2021-10-12 05:52:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:MEj96QR9d4hhvkaS1WucyGtFw8OtJ8kKnaW8X7rNzwCfMvlcZ:MQ9DRP4hrWWFyGtFmtJ8kKnE7rNcvlcZ
TLSH T1DB6423223775D7F10D173CAB92A6C225C8C066789E07E2FD681390E5DA26BABDB0C711
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "YUNJI KIM <yunji@retinc.kr>" (likely spoofed)
Received: "from retinc.kr (unknown [45.137.22.42]) "
Date: "12 Oct 2021 06:29:32 +0200"
Subject: "=?UTF-8?B?UmU6IFBheW1lbnQgY29weS3kv6Hmga/mm7TmlrAxMC8xMjog5aSn6YeR5pu/5Luj5paZ5LqL5a6c?="
Attachment: "Payment copy-信息更新1012 大金替代料事宜.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.NSISX.Spy.Gen.1.8281.23321.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
60%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/616522bffd35fe780c39e674/reports/4bb2e0f0-b724-461d-bf51-6851a8e82f60/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/161d6e6f2c686fcd297b6f5d33132a6e32fd941392ce0f9496879c53c6729187
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/161d6e6f2c686fcd297b6f5d33132a6e32fd941392ce0f9496879c53c6729187/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-10-12 05:53:09 UTC
AV detection:
7 of 40 (17.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cyow43zmnbx42kl3n5otgezknyzp3fatslha7fewq6ofhrtssgdq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/211012-glathsbdg3/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.77
Link:
https://yomi.yoroi.company/submissions/161d6e6f2c686fcd297b6f5d33132a6e32fd941392ce0f9496879c53c6729187

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 161d6e6f2c686fcd297b6f5d33132a6e32fd941392ce0f9496879c53c6729187

(this sample)

AgentTesla

Executable exe d0e7f5daadb45d6d43e608cfbce838da2740791a01e79457d4ee69514b56601c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d0e7f5daadb45d6d43e608cfbce838da2740791a01e79457d4ee69514b56601c

Comments