MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 5717a2fd46c9a7433494105c81c10ca9e80a76e6a32c512835668c3e68a225ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
AgentTesla
Vendor detections: 6
| SHA256 hash: | 5717a2fd46c9a7433494105c81c10ca9e80a76e6a32c512835668c3e68a225ec |
|---|---|
| SHA3-384 hash: | c70d54b2ceaa448300e4e1b2de1234444c13b4e6dfa62aa75fb8699adfed4d60ef0654b1004b1219954d1502fc8414c6 |
| SHA1 hash: | b9ee58d511694d0ae5ee7b2df0bd3ecd1b10d2b9 |
| MD5 hash: | c37eede656dd9b129300988c87f707cb |
| humanhash: | lactose-arkansas-mars-twelve |
| File name: | Madinat Jumeirah Living Asayel 14782(480).7z |
| Download: | download sample |
| Signature | AgentTesla |
| File size: | 298'508 bytes |
| First seen: | 2023-01-12 07:24:14 UTC |
| Last seen: | Never |
| File type: | 7z |
| MIME type: | application/x-7z-compressed |
| ssdeep | 6144:17JgK0zsWPikE6+o2rFIBINAmscTEz4ONPz2X9rma+nf4NdgpOcjBipHosgg:17JQzsyik3+VGMAiAXu9rggybjMpHosp |
| TLSH | T138542316E87E91625FAFF336DF88249A81CC37436556E79704BE0083861B3D974AC16E |
| TrID | 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1) 42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1) |
| Reporter | cocaman |
| Tags: | 7z AgentTesla |

cocaman:
Malicious email (T1566.001)
From: "Hiba <sales@e-finance.live>" (likely spoofed)
Received: "from mail.e-finance.live (mail.e-finance.live [185.125.90.199]) "
Date: "Thu, 12 Jan 2023 01:07:45 -0500 (EST)"
Subject: "Madinat Jumeirah Living Asayel 14782(480)"
Attachment: "Madinat Jumeirah Living Asayel 14782(480).7z"
Intelligence
File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
File Archive Information
This file archive contains 1 file(s), sorted by their relevance:
| File name: | Madinat Jumeirah Living Asayel 14782(480).exe |
|---|---|
| File size: | 466'255 bytes |
| SHA256 hash: | 3e61d72e8e7853b7c4a966cdee9339bfe33b7ae33577c408cdfbca1d951335b9 |
| MD5 hash: | d08ef01384d580a84fbde4a6df347e06 |
| MIME type: | application/x-dosexec |
| Signature | AgentTesla |
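Checking a downloaded copy against the hashes listed here, as an added example (editor's code, not MalwareBazaar's): it recomputes the four digests the entry lists for the archive and the two listed for the extracted executable, reports any that differ, and classifies the file by its magic bytes instead of by the attacker-chosen file name. The `constructed placeholder` bytes in the block stand in for the real sample and are an assumption; the hash values are copied from the tables above.

```python
"""Verify a downloaded MalwareBazaar sample against the hashes on its entry.

Added example, not MalwareBazaar's own code. The placeholder bytes used when
no path is given are constructed; pass the path of the downloaded archive (or
of the extracted executable, with INNER_PE_HASHES) to check a real file.
"""
import hashlib
import sys

# Hashes copied from the entry above: the 7z archive and the PE it contains.
ARCHIVE_HASHES = {
    "md5": "c37eede656dd9b129300988c87f707cb",
    "sha1": "b9ee58d511694d0ae5ee7b2df0bd3ecd1b10d2b9",
    "sha256": "5717a2fd46c9a7433494105c81c10ca9e80a76e6a32c512835668c3e68a225ec",
    "sha3_384": "c70d54b2ceaa448300e4e1b2de1234444c13b4e6dfa62aa75fb8699adfed4d60"
                "ef0654b1004b1219954d1502fc8414c6",
}
INNER_PE_HASHES = {
    "md5": "d08ef01384d580a84fbde4a6df347e06",
    "sha256": "3e61d72e8e7853b7c4a966cdee9339bfe33b7ae33577c408cdfbca1d951335b9",
}

SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"   # first six bytes of every 7z archive
PE_MAGIC = b"MZ"                          # DOS header at offset 0 of a PE file


def digests(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists, keyed like the tables above."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def mismatches(data: bytes, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every listed hash that does not match.

    Only the algorithms present in `expected` are checked, so the inner-PE table
    (which lists MD5 and SHA256 only) is verified with the same function.
    """
    actual = digests(data)
    return {
        algo: (want, actual[algo])
        for algo, want in expected.items()
        if actual[algo] != want.lower()
    }


def file_kind(data: bytes) -> str:
    """Classify by magic bytes, not by extension: the file name is attacker-controlled."""
    if data.startswith(SEVEN_ZIP_MAGIC):
        return "7z"
    if data.startswith(PE_MAGIC):
        return "pe"
    return "unknown"


def triage(data: bytes, expected: dict, expected_kind: str) -> dict:
    """One verdict per file: detected kind, whether it matches, and any hash mismatches."""
    kind = file_kind(data)
    return {
        "kind": kind,
        "kind_ok": kind == expected_kind,
        "hash_mismatches": mismatches(data, expected),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
    else:
        # Constructed placeholder: a 7z magic header followed by filler bytes.
        sample = SEVEN_ZIP_MAGIC + b"constructed placeholder"
    print(triage(sample, ARCHIVE_HASHES, "7z"))
```

Run it against the archive first (`python verify.py sample.7z`), then, after extracting the archive in an isolated analysis VM, against the executable with `INNER_PE_HASHES` and `"pe"`; an empty `hash_mismatches` with `kind_ok` true confirms you are looking at the same bytes the entry describes.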
Vendor Threat Intelligence
Each Result block below is one vendor's automated analysis, reproduced as received. The verdicts do not agree with each other (one reports "No Threat" next to a 10/10 threat level, another "MALICIOUS"), so treat them as triage inputs rather than a consensus.
Result
Verdict: Unknown
File Type: PE File
Verdict: No Threat
Threat level: 10/10
Confidence: 100%
Tags: overlay packed shell32.dll
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Leonem
Status: Malicious
First seen: 2023-01-12 04:43:13 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 17 of 26 (65.38%)
Threat level: 5/5
Detection(s): Suspicious file
Result
Malware family: n/a
Score: 8/10
Tags: collection spyware stealer
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Executes dropped EXE
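The behaviour entries WriteProcessMemory, SetThreadContext and MapViewOfSection are the API footprint of writing code into another process and pointing one of its threads at it. The following added example (editor's code, not from this entry or from any vendor sandbox) applies that rule to an API trace. The line format `pid api target_pid` and the sample calls are constructed assumptions, and the rule deliberately requires both a cross-process write and a thread-context change on the same target, so a process that only touches its own memory, like the second process in the trace, is not flagged.

```python
"""Flag cross-process write + SetThreadContext pairs in a sandbox API trace.

Added example, not part of the MalwareBazaar entry or any vendor's sandbox.
The trace format and the sample lines below are constructed; real sandboxes
emit their own JSON, so replace parse_trace() with a parser for yours.
"""
from collections import defaultdict

# Constructed trace: one call per line, "pid api target_pid".
# 1001 writes into and redirects a thread of 2002 (the pattern we want).
# 3003 only operates on itself (must not be flagged).
TRACE = """\
1001 CreateProcessW 2002
1001 NtMapViewOfSection 2002
1001 WriteProcessMemory 2002
1001 SetThreadContext 2002
1001 NtResumeThread 2002
3003 WriteProcessMemory 3003
3003 AdjustTokenPrivileges 3003
"""

# Ways to get bytes into another process's address space, and ways to
# redirect one of its threads. Both halves are needed for a hit.
WRITE_APIS = {
    "WriteProcessMemory", "NtWriteVirtualMemory",
    "MapViewOfSection", "NtMapViewOfSection",
}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread"}


def parse_trace(text: str) -> list:
    """Parse the constructed format into (source_pid, api, target_pid) tuples."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, target = line.split()
        calls.append((int(pid), api, int(target)))
    return calls


def find_injection(calls: list) -> list:
    """Return one hit per (source, target) pair that both wrote into the target
    and changed one of its thread contexts. Same-process calls are ignored."""
    seen = defaultdict(set)  # (source_pid, target_pid) -> APIs used on that target
    for src, api, dst in calls:
        if src != dst:
            seen[(src, dst)].add(api)
    hits = []
    for (src, dst), apis in sorted(seen.items()):
        if apis & WRITE_APIS and apis & CONTEXT_APIS:
            hits.append({"source": src, "target": dst, "apis": sorted(apis)})
    return hits


if __name__ == "__main__":
    for hit in find_injection(parse_trace(TRACE)):
        print(f"injection-like sequence: {hit['source']} -> {hit['target']} via {hit['apis']}")
```

The rule is a triage heuristic, not a verdict: legitimate debuggers and some installers also write into and redirect other processes, so the hits are meant to be joined with the rest of the behaviour list (dropped DLL/EXE execution, reads of browser and mail client stores) before a sample is classified.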
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Type | Signature | Sample(s) | Delivery method |
|---|---|---|---|
| Malspam | AgentTesla | 7z 5717a2fd46c9a7433494105c81c10ca9e80a76e6a32c512835668c3e68a225ec (this sample) | Distributed via e-mail attachment |