MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 166f9ddac4f381622af720acf9825df9cd1b6b59f99f246e64891e61d62710f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 166f9ddac4f381622af720acf9825df9cd1b6b59f99f246e64891e61d62710f3
SHA3-384 hash: 57ad71bc5eb4ef78015472ab6a10ab0eabbf2312014ac6f31f1a66bec8a95a9e6b6cd3f2f7f4ce75b90306741a4b26b1
SHA1 hash: ec05cee69cf370f964271688a39202c3cd91b845
MD5 hash: 4a47af55d3c04a64680bed3e707519c6
humanhash: vegan-missouri-six-magnesium
File name: PRICE LIST NOVEMBER 2020.ace
Signature: AgentTesla
File size: 13'498 bytes
First seen: 2021-02-23 07:16:59 UTC
Last seen: Never
File type: ace
MIME type: application/octet-stream
ssdeep: 384:1jKKzM2iuG3YJ57D5Fzcjh3Cv6vPEcgMura:034V5FzASv6HEW
TLSH: 4052C08FCE3B6E597E2508F7D3C5B9B2482D75AF3801470F45A32561A526C2AA85E028
Reporter: @abuse_ch
Tags: ace, AgentTesla


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: mail.facetohen.ga
Sending IP: 150.95.104.199
From: Friedrich Hermann <admin@facetohen.ga>
Subject: Re: Request For Quotation and Price list of Order.
Attachment: PRICE LIST NOVEMBER 2020.ace (contains "PRICE LIST (NOVEMBER 2020).exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 51
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-23 07:17:10 UTC
AV detection: 9 of 47 (19.15%)
Threat level: 5/5

Threat name: Legit
Score: 0.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 166f9ddac4f381622af720acf9825df9cd1b6b59f99f246e64891e61d62710f3 (this sample)

Delivery method: Distributed via e-mail attachment
