MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53eb58cee133621fd6c6b1b1dbad97ec67e6be0b036f1c45597d98830caaa2c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4

SHA256 hash: 53eb58cee133621fd6c6b1b1dbad97ec67e6be0b036f1c45597d98830caaa2c0
SHA3-384 hash: ea5295173c6e9833a50c770960e9e046f65357832c179eedf897b3295dded6484973d3543e8a8fa3b584de44c753fa5d
SHA1 hash: 8ea40367ee05be58fa1b5c993e6213c89d9f4341
MD5 hash: 2ad16c5a07fd13ea8e45cf263b283584
humanhash: maine-butter-alabama-xray
File name: Purchase Orders - Foreign_0000000000058876.pdf.ace
Signature: AgentTesla
File size: 403'794 bytes
First seen: 2021-03-02 07:40:58 UTC
Last seen: Never
File type: ace
MIME type: application/octet-stream
ssdeep: 12288:ULLGPi5AZtUmchqK1+NWpzC8iYSbvD4XncGyG:UHGPuAZs1+NWoo4sXcGt
TLSH: 49842306B25F2F49E2EF1AB79E68F8C15EF52B3E6A23678A53C50C4F17C504B0671A05
Reporter: abuse_ch
Tags: ace, AgentTesla


abuse_ch
Malspam distributing unidentified malware:

HELO: sunucu.genclab.com
Sending IP: 89.163.255.135
From: Ulrich Külzer / HARTON Anlagentechnik GmbH <manuz-e@marudeni.com>
Subject: Fw: AW: Purchase Orders - Foreign_000000000058876
Attachment: Purchase Orders - Foreign_0000000000058876.pdf.ace (contains "Purchase Orders - Foreign_0000000000058876.pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-02 07:41:07 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: AgentTesla
File type: ace
SHA256 hash: 53eb58cee133621fd6c6b1b1dbad97ec67e6be0b036f1c45597d98830caaa2c0 (this sample)

Delivery method: Distributed via e-mail attachment

Comments