MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3df772cc47cf13022c18933fe3dd70a97a345d6f320744cf0979f31576d86ab9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	3df772cc47cf13022c18933fe3dd70a97a345d6f320744cf0979f31576d86ab9
SHA3-384 hash:	a65beef854963422c25881a067c07097c88770707863b0b54a426d12e160a21f3f7ef5b61dba0e498fe499f51284ef60
SHA1 hash:	d01444a25ac98e743b88e66c12e3e4a02436d442
MD5 hash:	8bdb5747650be0e1f6d7e39592464900
humanhash:	victor-magazine-seven-venus
File name:	Files & Specification.pdf.ace
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	571'517 bytes
First seen:	2021-04-12 13:57:03 UTC
Last seen:	Never
File type:	ace
MIME type:	application/octet-stream
ssdeep	12288:b7arU8ddsPbv/YekOiKwK7SMbeq1Nm3D6K002rF0O:byw2Ova5q1bx/0O
TLSH	5FC423B0E237269CAE11126273F70F0F81A38FB55DDD502E866BF172D0295B9C0D96DA
Reporter	cocaman
Tags:	ace AgentTesla

cocaman

Malicious email (T1566.001)
From: "PT Ladang Kimia Elisabeth <contact@ladangkimia.co.id>" (likely spoofed)
Received: "from ladangkimia.co.id (unknown [185.222.57.200]) "
Date: "12 Apr 2021 00:06:54 -0700"
Subject: "Price Inquiry For New Order"
Attachment: "Files & Specification.pdf.ace"

Intelligence

File Origin

# of uploads :

# of downloads :

130

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.25738.AceHeur.Exe.UNOFFICIAL

Sanesecurity.Malware.25166.AceHeur.Exe.UNOFFICIAL

SecuriteInfo.com.Suspicious-ACE-exe.UNOFFICIAL

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3df772cc47cf13022c18933fe3dd70a97a345d6f320744cf0979f31576d86ab9/

Threat name:

ByteCode-MSIL.Infostealer.Fareit

Status:

Malicious

First seen:

2021-04-12 06:23:42 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

20 of 47 (42.55%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=hx3xftchz4jqelaysm76hxlqvf5dixlpgidujtyjphzrk5wynk4q._file

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger spyware stealer trojan

Link:

https://tria.ge/reports/210412-43tdtm9njx/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/3df772cc47cf13022c18933fe3dd70a97a345d6f320744cf0979f31576d86ab9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 3df772cc47cf13022c18933fe3dd70a97a345d6f320744cf0979f31576d86ab9

(this sample)

AgentTesla

exe dd47f2e22d691a3a810a3cb353139ae3f3a9232ab6285c0c9193c755f4e87638

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 dd47f2e22d691a3a810a3cb353139ae3f3a9232ab6285c0c9193c755f4e87638

Dropping

AgentTesla

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample