MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23ae2556f13e6527dde0d003ffdd42d3dc895e56e759944e34c71ccf977ad279. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 23ae2556f13e6527dde0d003ffdd42d3dc895e56e759944e34c71ccf977ad279
SHA3-384 hash: 1ac4fccbfb74cf75ceab5a284f8f94e1e760e811947c774ce8e3bdc5c8d0f086a00b4d0d44c989323b665883ba8ef88e
SHA1 hash: 303d3d6eb71f9e788687d0b12c1d11f324fc1e00
MD5 hash: bd47c8920cc3bec23ea7cace0ae69977
humanhash: kitten-high-echo-iowa
File name:TNT Express consignment.ace
Download: download sample
Signature AgentTesla
Create hunting rule
File size:745'635 bytes
First seen:2020-09-11 13:29:30 UTC
Last seen:Never
File type: ace
MIME type:application/octet-stream
ssdeep 12288:A4VaEAfZp5QeocQL8kJd04uOdR/vDY1KGSeEvR5KUsACi4DUZJb:vLARhocbkr04uQRjvGSRoAYWJb
TLSH 81F423BA7EA248120D5B9B49D3C5398BC5F1898D5375246D3026F47A019EFB8E0ADCF2
Reporter Anonymous


Avatar
Anonymous
Received: from host.capeit.com.cy (host.capeit.com.cy [104.247.73.133])
From: TNT EXPRESS CONSIGNMENT <invoice@tnt.com>
To: undisclosed-recipients:;
Subject: TNT Express delivery Consignment Notification

Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
format=flowed

Dear Customer,

A shipment has been arranged for you via TNT.

The shipment is scheduled for delivery SEPTEMBER 11th, 2020 and has TNT
consignment number: 213596003.

SHIPMENT DETAILS OVERVIEW: (View Enclosed)

Pieces : 1
Weight : 0.5 KG
Shipment reference : Invoice # 10623-24
Description : document

Download Attachment for invoice and full shipment details.

[1]

---------------------------------------------------------------------------------------------------------------
This message and any attachment are confidential and may be privileged
or otherwise protected from disclosure.
If you are not the intended recipient, please telephone or email the
sender and delete this message and any attachment from your system.
If you are not the intended recipient you must not copy this message or
attachment or disclose the contents to any other person.

Please consider the environmental impact before printing this document
and its attachment(s).
Print black and white and double-sided where possible.

Links:
------
[1] http://www.tnt.com/

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25738.AceHeur.Exe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25166.AceHeur.Exe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspicious-ACE-exe.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/23ae2556f13e6527dde0d003ffdd42d3dc895e56e759944e34c71ccf977ad279/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-09-11 09:36:19 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/23ae2556f13e6527dde0d003ffdd42d3dc895e56e759944e34c71ccf977ad279

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 23ae2556f13e6527dde0d003ffdd42d3dc895e56e759944e34c71ccf977ad279

(this sample)

AgentTesla

Executable exe eea0d77f48f92940ec6825df3ab5bcedb6aa9112d02f101ee4b0392f5bb3dc6d

  
Dropping
AgentTesla
  
Dropping
MD5 32df34e0c3f87c5030da529cec7c5fda
  
Dropping
SHA256 eea0d77f48f92940ec6825df3ab5bcedb6aa9112d02f101ee4b0392f5bb3dc6d
  
Delivery method
Distributed via e-mail attachment

Comments