MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 166f9ddac4f381622af720acf9825df9cd1b6b59f99f246e64891e61d62710f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 166f9ddac4f381622af720acf9825df9cd1b6b59f99f246e64891e61d62710f3
SHA3-384 hash: 57ad71bc5eb4ef78015472ab6a10ab0eabbf2312014ac6f31f1a66bec8a95a9e6b6cd3f2f7f4ce75b90306741a4b26b1
SHA1 hash: ec05cee69cf370f964271688a39202c3cd91b845
MD5 hash: 4a47af55d3c04a64680bed3e707519c6
humanhash: vegan-missouri-six-magnesium
File name:PRICE LIST NOVEMBER 2020.ace
Download: download sample
Signature AgentTesla
Create hunting rule
File size:13'498 bytes
First seen:2021-02-23 07:16:59 UTC
Last seen:Never
File type: ace
MIME type:application/octet-stream
ssdeep 384:1jKKzM2iuG3YJ57D5Fzcjh3Cv6vPEcgMura:034V5FzASv6HEW
TLSH 4052C08FCE3B6E597E2508F7D3C5B9B2482D75AF3801470F45A32561A526C2AA85E028
Reporter abuse_ch
Tags:ace AgentTesla


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.facetohen.ga
Sending IP: 150.95.104.199
From: Friedrich Hermann <admin@facetohen.ga>
Subject: Re: Request For Quotation and Price list of Order.
Attachment: PRICE LIST NOVEMBER 2020.ace (contains "PRICE LIST (NOVEMBER 2020).exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25738.AceHeur.Exe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25166.AceHeur.Exe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspicious-ACE-exe.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/166f9ddac4f381622af720acf9825df9cd1b6b59f99f246e64891e61d62710f3/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-23 07:17:10 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=czxz3wwe6oawekxxecwptas57hgrw22z7gpsi3terepgdvrhcdzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/166f9ddac4f381622af720acf9825df9cd1b6b59f99f246e64891e61d62710f3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 166f9ddac4f381622af720acf9825df9cd1b6b59f99f246e64891e61d62710f3

(this sample)

AgentTesla

Executable exe 863d464bb43bda7378c611a5c16410a3c279ca72e447632f5e03f8418f5464d8

  
Dropping
MD5 404ef05a6acc67c2b59189171f9eb0fc
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 863d464bb43bda7378c611a5c16410a3c279ca72e447632f5e03f8418f5464d8

Comments