MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16489d4e625dfa52f959de1d07e0eb32f7122c981557bfb8f9354895b9284bcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16489d4e625dfa52f959de1d07e0eb32f7122c981557bfb8f9354895b9284bcc
SHA3-384 hash: 54ec0402e40f15464bd9f5aefc3ef3e4f916d234eaa189067d53f768c555821b2d865361c43ece2a44c9dbc63039ab04
SHA1 hash: 3224fead79697b6759e32f480a0bdaadf54a4f5b
MD5 hash: 4d0fe62ee622bb7c1a92f93794fcd96e
humanhash: bravo-high-berlin-april
File name:DHL AWB - 453968867878_Shipping Documents 2022.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:443'007 bytes
First seen:2022-01-24 10:48:10 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:ynPDNeUVlSTP+5MVJtYKWQr00RfqUM7AOJh:ynPDNlSy5MVJtl0c2nT
TLSH T13B94238ED6A1D7748C9B7545948BCB72ADFCBA6F7823253CCC04D62C1178F10DAC5922
Reporter cocaman
Tags:AgentTesla DHL gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Poornima Poornima <poornima@itechecommerce.com>" (likely spoofed)
Received: "from zim.itechecommerce.com (zim.itechecommerce.com [157.230.8.154]) "
Date: "Mon, 24 Jan 2022 10:22:42 +0000 (UTC)"
Subject: "DHL AWB: Shipping Documents"
Attachment: "DHL AWB - 453968867878_Shipping Documents 2022.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
206
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.17146.18396.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
keylogger obfuscated packed
Link:
https://www.filescan.io/uploads/61ee8421f81da814af9f99b3/reports/3077c210-cc73-4cbf-af8c-f8e0a9214ca2/overview
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/16489d4e625dfa52f959de1d07e0eb32f7122c981557bfb8f9354895b9284bcc/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-01-24 10:49:10 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=czej2ttclx5ff6kz3yoqpyhlgl3releycvl37ohzgvejlojijpga._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220124-mwn2saedbp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/16489d4e625dfa52f959de1d07e0eb32f7122c981557bfb8f9354895b9284bcc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 16489d4e625dfa52f959de1d07e0eb32f7122c981557bfb8f9354895b9284bcc

(this sample)

AgentTesla

Executable exe 9413edeb35a7695bd1ce1abef97e816197d0f3c0c8ec1dbeb540dec6ba24c459

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9413edeb35a7695bd1ce1abef97e816197d0f3c0c8ec1dbeb540dec6ba24c459

Comments