MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3425f88117e5870aca965aa09ae0d38adcde7c4e8885e07ae7ab48ce30aead38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 3425f88117e5870aca965aa09ae0d38adcde7c4e8885e07ae7ab48ce30aead38
SHA3-384 hash: 38e5e202c5fe4cf91a2eb96c20dd457bd813eb6d3c492abbbbf219b8bd1b28583a3728c1c947616c43b6ce6524c61ae5
SHA1 hash: 04336359e631563240115b39a4df30ecc153939a
MD5 hash: fcdbf876013b270c34345198a664f54e
humanhash: blossom-maryland-oregon-september
File name: Shipping Details.ace
Signature: AgentTesla
File size: 370'880 bytes
First seen: 2020-11-18 06:41:53 UTC
Last seen: Never
File type: ace
MIME type: application/octet-stream
ssdeep: 6144:1VVO733uuO2lXfSIhNyYL+3SxD7bJbjFr9NoQoyLu5ifnrelU/eBekjLvdb:gLuuO2lvS8Q8Vjl9NoQo9Afrezskvt
TLSH: 937423FA296D4B60F66204E3983DD1FFE148BCF95502D30654B02E57339C9A9BC1A7E2
Reporter: cocaman
Tags: ace


cocaman
Malicious email (T1566.001)
From: ""Recipients" <info@tnt.com>" (likely spoofed)
Received: "from xwx0.315.suaon.ml (xwx0.315.suaon.ml [134.209.115.10]) "
Date: "Tue, 17 Nov 2020 19:37:26 -0800"
Subject: "TNT Consignment"
Attachment: "Shipping Details.ace"

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-11-18 01:25:26 UTC
File Type: Binary (Archive)
Extracted files: 48
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 3425f88117e5870aca965aa09ae0d38adcde7c4e8885e07ae7ab48ce30aead38

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments