MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1d9d4815a0f4ddd0ca63778d4fe75bde19236c67f06dab56760065c566558e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 1



SHA256 hash: f1d9d4815a0f4ddd0ca63778d4fe75bde19236c67f06dab56760065c566558e6
SHA3-384 hash: 8f0b224cbee9fdcbe79413d9ffd71444ec27afcf6c88c4cb558575ff2926b0784d721108bededeaba597d3b4e394b7bf
SHA1 hash: 49bddb4c22443e70c340f3294340249e78e87361
MD5 hash: e9504e0389428ef562fcf06b098c92ab
humanhash: red-april-muppet-spaghetti
File name: Shipment Details.ace
Signature: AgentTesla
File size: 2'763'592 bytes
First seen: 2020-11-23 18:30:50 UTC
Last seen: 2020-11-24 07:10:19 UTC
File type: ace
MIME type: application/octet-stream
ssdeep: 49152:Xei/fNtv9GYn/+EozZJDFdA4ETLwavKCfScVP/xA/JvlQkYZ5SHo2:Oi9NYY/kVJPkLw2HABvlQZUI2
TLSH: 08D53348D4E30FF6575C21D576D7AEC0228B18956E890096FB3AB816C7D97FE28D0E8C
Reporter: cocaman
Tags: ace


cocaman
Malicious email (T1566.001)
From: ""TNT Express" <service@209.mzuo.ml>" (likely spoofed)
Received: "from xvx0.209.mzuo.ml (xvx0.209.mzuo.ml [157.230.233.77]) "
Date: "Mon, 23 Nov 2020 09:17:41 -0800"
Subject: "TNT** GST NOTIFICATION FOR INCOMING SHIPMENT ** AWB: 2352366446"
Attachment: "Shipment Details.ace"

Intelligence


File Origin
# of uploads: 3
# of downloads: 202
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace f1d9d4815a0f4ddd0ca63778d4fe75bde19236c67f06dab56760065c566558e6 (this sample)

Delivery method: Distributed via e-mail attachment
