MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b202521d5ae620328711b22e9447563426abf73a85b63816e4841d80b7222ec5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: b202521d5ae620328711b22e9447563426abf73a85b63816e4841d80b7222ec5
SHA3-384 hash: 1a0049cd8cb93ea41cd3519305c6b71c1c22bb6812061b02a8dfec58273e890385607f21e62a5fdbfebf651919ae49c1
SHA1 hash: 80760b246069b7e9d7f3aba791def43a091c9bc3
MD5 hash: feb1037c9c106996bd9a0d822410d6b3
humanhash: fruit-robin-high-march
File name: TNT EXPRESS CONSIGNMENT.ace
Signature: AgentTesla
File size: 441'643 bytes
First seen: 2020-09-08 07:56:16 UTC
Last seen: Never
File type: ace
MIME type: application/octet-stream
ssdeep: 12288:/VU2soD4/7VQuKowx5UrdKRFFUWwb7Lnp6f2OFMo:w/VNH8Y0BQLnWeo
TLSH: 7A9423690FB9B103EB465BAF38E739C08566893BB1EC62428EFBD11F751A15709C05B2
Reporter: cocaman
Tags: ace

Comment by cocaman:
Malicious email
From: TNT EXPRESS CONSIGNMENT <invoice@tnt.com>
Received: from host.capeit.com.cy (host.capeit.com.cy [104.247.73.133])
Date: Tue, 08 Sep 2020 00:46:39 -0700
Subject: TNT Express delivery Consignment Notification
Attachment: TNT EXPRESS CONSIGNMENT.ace

Intelligence

File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Suspicious
First seen: 2020-09-08 07:58:06 UTC
File Type: Binary (Archive)
Extracted files: 21
AV detection: 8 of 48 (16.67%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  Signature: AgentTesla
  File type: ace
  SHA256: b202521d5ae620328711b22e9447563426abf73a85b63816e4841d80b7222ec5 (this sample)
  Delivery method: Distributed via e-mail attachment