MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1eb7ae49135e0c3fd1e802740e5658e52eef3a38bdacbf756a33100ff6bbaad5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 1eb7ae49135e0c3fd1e802740e5658e52eef3a38bdacbf756a33100ff6bbaad5
SHA3-384 hash: dbd7aa27dc3d85b0dbf9aa22f65cc085c9cea4232a6c93e9813138df2a957d27ea7e7dbdd4b6caa44261b5dd4c38f877
SHA1 hash: 8da67457bd235de94c4b1340bafcf8fecca9a532
MD5 hash: 7c68cfe3c735782098888ffabc8d6e13
humanhash: december-oxygen-blue-lactose
File name: shd.xls
Signature: AgentTesla
File size: 389'120 bytes
First seen: 2020-07-31 08:28:11 UTC
Last seen: Never
File type: Excel file xls
MIME type: application/vnd.ms-excel
ssdeep: 6144:0k3hOdsylKlgryzc4bNhZF+E+W2knJ+AqmFkM9lz2KE8hBdLVoo5z9Nn/FDC5GVX:H5kMHq/8oo5ztOcVLEP9iYtHliEM9fGa
TLSH: E38412A4B2D98A53CA4B2375CCD603D8F622FC62A787834737A8F62947323C44E57756
Reporter: @JAMESWT_MHT
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: IT
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a window
DNS request
Creating a file in the Windows subdirectories
Creating a file
Sending a TCP request to an infection source by exploiting the app vulnerability
Creating a process from a recently created file
Result
Threat name: Unknown
Detection: malicious
Classification: expl
Score: 60 / 100
Signature
Creates HTML files with .exe extension (expired dropper behavior)
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document exploit detected (creates forbidden files)
Threat name: Script-Macro.Trojan.Donoff
Status: Malicious
First seen: 2020-07-31 08:30:06 UTC
AV detection: 14 of 31 (45.16%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: macro
Behaviour
Suspicious Office macro
Threat name: Dropper
Score: 0.80

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments