MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad9cece52c221918d26a3e2325ea01732f309e081ee8fee7639ee727ed01f895. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	ad9cece52c221918d26a3e2325ea01732f309e081ee8fee7639ee727ed01f895
SHA3-384 hash:	807e2edd48dbf77d9c096f04b3aec207b33dbebd6886ece708f7e39d5d4b454e224eee71bd55f0081062a752ed229690
SHA1 hash:	039d26bd4d63709597366f1b7aaa4e6b4a700f2d
MD5 hash:	b4eb47b75bedcf4e10946acc643a3a42
humanhash:	earth-blue-iowa-romeo
File name:	Shipping Documents.ace
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	718'222 bytes
First seen:	2021-04-13 05:29:04 UTC
Last seen:	Never
File type:	ace
MIME type:	application/octet-stream
ssdeep	12288:+hhBxDuGl8kp+wsT5uYZRN/tVCfx1CoNW8o+rwge6nYRMxtxFPwUolN3cE:+zl8kMb7zI51CCWd0nYRMbxGUm3H
TLSH	41E423C6E2D96CD73A4551583AB1A40707B8C32BAAFDD0E4012FEBB14D1B88ED59F90D
Reporter	cocaman
Tags:	ace AgentTesla INVOICE

cocaman

Malicious email (T1566.001)
From: ""Michael Han" <sales12@ceaworld.com>" (likely spoofed)
Received: "from mageneet.com (unknown [45.144.225.201]) "
Date: "12 Apr 2021 20:30:42 +0200"
Subject: "RE: Proforma Invoice No. AD1-2001028L, Packing List and Commercial Invoice for Urgent Shipment"
Attachment: "Shipping Documents.ace"

Intelligence

File Origin

# of uploads :

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.25738.AceHeur.Exe.UNOFFICIAL

Sanesecurity.Malware.25166.AceHeur.Exe.UNOFFICIAL

SecuriteInfo.com.Suspicious-ACE-exe.UNOFFICIAL

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ad9cece52c221918d26a3e2325ea01732f309e081ee8fee7639ee727ed01f895/

Threat name:

ByteCode-MSIL.Infostealer.Fareit

Status:

Malicious

First seen:

2021-04-12 20:53:00 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

19 of 47 (40.43%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vwoozzjmeimrrutkhyrsl2qbomxtbhqid3up5z3dt3tsp3ib7ckq._file

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger spyware stealer trojan

Link:

https://tria.ge/reports/210413-e5y86wb5ge/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/ad9cece52c221918d26a3e2325ea01732f309e081ee8fee7639ee727ed01f895

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace ad9cece52c221918d26a3e2325ea01732f309e081ee8fee7639ee727ed01f895

(this sample)

AgentTesla

exe 24178fa3969b7256e53f2f77cc080cf5819fc303bbfa0f51ac97e7734beb5212

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 24178fa3969b7256e53f2f77cc080cf5819fc303bbfa0f51ac97e7734beb5212

Dropping

AgentTesla

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample