MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ea484788613d019ffa793a4afda9e4564d4b27307746f26b6dfee3432317ff4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 2

SHA256 hash: 5ea484788613d019ffa793a4afda9e4564d4b27307746f26b6dfee3432317ff4
SHA3-384 hash: 47e7c07bba7b8d8fab2b3525ff6f57a5bf7dc1e64fde3ba2e50c7e84be699abc96818b6f011ddaf3ba26d41ada1613d8
SHA1 hash: 33bab1a4b4a22271755ccfd9f668932370986fe8
MD5 hash: 4bb838ba93e136fd919407e39da7d7a7
humanhash: harry-september-football-eight
File name: DHL COURIER PICKUP CONFIRMATION.pdf.ace
Signature: AgentTesla
File size: 485'815 bytes
First seen: 2020-04-06 08:26:17 UTC
Last seen: Never
File type: ace
MIME type: application/octet-stream
ssdeep: 12288:HQbQ5GQQd5a8zoc5LJrN4JLPhCICzFDuEO87M:sJPnzRVN4hhCHzFicg
TLSH: 8EA423CA689B3517C12D0FE9F897CAA6E285DD67A40230731C634E2719EE21B3B29D15
Reporter: abuse_ch
Tags: ace AgentTesla COVID-19


abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: gains.assureonlinesolutions.com
Sending IP: 108.170.63.170
From: DHL Global Mail Inc © <jessa.lagangan@dhl.com>
Subject: DHL Delivery Shipment COVID-19 Be Safe and Stay Strong.
Attachment: DHL COURIER PICKUP CONFIRMATION.pdf.ace (contains "DHL COURIER PICKUP CONFIRMATION.pdf.exe")

AgentTesla SMTP exfil server:
smtp.salasarlamlnates.com:587 (208.91.199.224)

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-06 08:48:08 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 25 of 47 (53.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AgentTesla
  ace 5ea484788613d019ffa793a4afda9e4564d4b27307746f26b6dfee3432317ff4 (this sample)
  Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments