MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46acd5894f10a7825187d63448f9cae0b55212eaafcc01be39c77994958d0970. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46acd5894f10a7825187d63448f9cae0b55212eaafcc01be39c77994958d0970
SHA3-384 hash: 7e3e91fd8de75392c68f0f2cd682bbfdae4c867ab2b2c73d5bda8cc7ae96f456c8f18b54b6dbf468f410ba14bc2605b6
SHA1 hash: 5f1a52a6a26c24211ed0a2bf9fbfc44286ebe37d
MD5 hash: 753c3744d2be3d5ba53506860459f9d6
humanhash: social-pip-seventeen-king
File name:FedEx Receipt.ace
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'060'597 bytes
First seen:2021-01-20 06:20:32 UTC
Last seen:Never
File type: ace
MIME type:application/octet-stream
ssdeep 24576:6mzH1BT8lCiJNdFQ9Xkb/NcEDP7S3un+EiL:6Cx8lpHdFkEz7S3u+E6
TLSH C13533BAC2E3590B95EED153835E235F29166E0B0C3F9315DB7260AC85CDFA244BCC96
Reporter cocaman
Tags:ace


Avatar
cocaman
Malicious email (T1566.001)
From: "FedEx Express <office2@ausemov.com>" (likely spoofed)
Received: "from postfix-inbound-1.inbound.mailchannels.net (inbound-egress-5.mailchannels.net [199.10.31.237]) "
Date: "Tue, 19 Jan 2021 19:45:05 -0800"
Subject: "FedEx Express AWB#5305323204643 - Information is required"
Attachment: "FedEx Receipt.ace"

Intelligence

File Origin
# of uploads :
1
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25738.AceHeur.Exe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25166.AceHeur.Exe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspicious-ACE-exe.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/46acd5894f10a7825187d63448f9cae0b55212eaafcc01be39c77994958d0970/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-01-20 06:21:06 UTC
File Type:
Binary (Archive)
Extracted files:
13
AV detection:
18 of 44 (40.91%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/46acd5894f10a7825187d63448f9cae0b55212eaafcc01be39c77994958d0970

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 46acd5894f10a7825187d63448f9cae0b55212eaafcc01be39c77994958d0970

(this sample)

AgentTesla

Executable exe 5c1acbd40fb6b82586354bd863d53e71d6cbc6f6271f0f8da6f3692c4446ebe6

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5c1acbd40fb6b82586354bd863d53e71d6cbc6f6271f0f8da6f3692c4446ebe6

Comments