MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70f7f058d0d3d8f4f282537d00a2468973a6484651e4ac74c008e853ba28ef9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 16



SHA256 hash: 70f7f058d0d3d8f4f282537d00a2468973a6484651e4ac74c008e853ba28ef9a
SHA3-384 hash: 7c39617d4570e61f12a09ec09fe23efff002fa7e24aa0aa717856b4a18983aa8f36cded5d1428e4b62a6c75c93374114
SHA1 hash: 1455827dfa29403e0e10255eb0b1976adcd4d6e0
MD5 hash: 00ae6f2c2902251c4c0cc47e3fce1181
humanhash: ack-diet-queen-mountain
File name: VoiceModCrack.exe
Signature: AgentTesla
File size: 6'984'704 bytes
First seen: 2025-08-30 10:09:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash d59a4a699610169663a929d37c90be43 (75 x DCRat, 22 x njrat, 15 x SalatStealer)
ssdeep 98304:yO1QT4b/jF2LPpBe5QPHt0nFzV+a6z7QJn6oDayucRUVp97EoHM9DD2jdPV1D3:yCxrUPpUMHtAca67O6sRuVrT
Threatray 293 similar samples on MalwareBazaar
TLSH T1F96612227754DD2AD1852638C076B610C6B7B6F5A4036B03B7F4E588DF14AC99E3E3E2
TrID 57.6% (.EXE) Inno Setup installer (107240/4/30)
22.3% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
7.6% (.EXE) Win32 Executable Delphi generic (14182/79/4)
5.6% (.EXE) Win64 Executable (generic) (10522/11/4)
2.4% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter burger
Tags: AgentTesla exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 116
Origin country: DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
VoiceModCrack.exe
Verdict:
Malicious activity
Analysis date:
2025-08-30 10:07:03 UTC
Tags:
inno installer delphi

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
97.4%
Tags:
micro spawn sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Enabling the libraries to load when starting the app (AppInit_DLLs)
Loading a suspicious library
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a file
Creating a window
Creating synchronization primitives
Searching for synchronization primitives
Using the Windows Management Instrumentation requests
Creating a file in the Windows directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a file in the system32 directory
Unauthorized injection to a recently created process
Enabling autorun
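The behaviour list above reads as a short sequence of host events: a file written under %temp%, a process started from that just-written file, a write to AppInit_DLLs, and an autorun entry. The script below is an added example, not code from MalwareBazaar or from any of the sandboxes quoted on this page; it shows how those three behaviours can be pulled out of an endpoint event stream. The records are constructed to resemble Sysmon events (IDs 11 FileCreate, 1 ProcessCreate and 13 RegistryEvent, with Sysmon's real field names); every path, SID, DLL name and timestamp in them is invented, the is-XXXXX.tmp directory name only mimics the pattern Inno Setup installers unpack into under %TEMP%, and the five-minute correlation window is an assumption.

```python
"""Correlate endpoint events into three behaviours from the sandbox report:
a file dropped under %TEMP% and executed moments later, an AppInit_DLLs
write, and a Run/RunOnce autorun entry.

Added example; not MalwareBazaar or sandbox code. Event records are
constructed to resemble Sysmon events (IDs 11, 1, 13); paths, SID, DLL
name and timestamps are invented for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Registry values Sysmon reports for AppInit_DLLs (native and WOW64 views), lowercased.
# Note: DLLs listed there load only while LoadAppInit_DLLs = 1 in the same key.
APPINIT_VALUES = {
    "hklm\\software\\microsoft\\windows nt\\currentversion\\windows\\appinit_dlls",
    "hklm\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\windows\\appinit_dlls",
}
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Event:
    event_id: int      # Sysmon event ID
    utc: datetime
    fields: dict       # Sysmon field name -> value


def _is_temp_path(path: str) -> bool:
    p = path.lower()
    return any(m in p for m in TEMP_MARKERS)


def detect(events, window=timedelta(minutes=5)):
    """Return [(rule_name, detail), ...] in time order.

    A ProcessCreate fires only when its image was written by an earlier
    FileCreate within `window` AND lives under a temp directory, so an
    installer that writes to Program Files and runs the result later is quiet.
    """
    hits = []
    created = {}  # lowercased path -> time of the most recent FileCreate
    for ev in sorted(events, key=lambda e: e.utc):
        f = ev.fields
        if ev.event_id == 11:
            created[f["TargetFilename"].lower()] = ev.utc
        elif ev.event_id == 1:
            image = f["Image"]
            t_create = created.get(image.lower())
            if t_create is not None and ev.utc - t_create <= window and _is_temp_path(image):
                hits.append(("exec_of_recently_dropped_temp_file",
                             f"{f.get('ParentImage', '?')} -> {image}"))
        elif ev.event_id == 13:
            target = f["TargetObject"]
            low = target.lower()
            if low in APPINIT_VALUES:
                hits.append(("appinit_dlls_set", f"{target} = {f.get('Details', '')}"))
            elif any(m in low for m in RUN_KEY_MARKERS):
                hits.append(("run_key_autorun", f"{target} = {f.get('Details', '')}"))
    return hits


# Constructed event stream; nothing below is taken from the sample's real report.
T0 = datetime(2025, 8, 30, 10, 7, 3)
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"   # invented SID
DROPPED = "C:\\Users\\alice\\AppData\\Local\\Temp\\is-K3M7Q.tmp\\VoiceModCrack.tmp"
SAMPLE_EVENTS = [
    Event(11, T0, {"Image": "C:\\Users\\alice\\Downloads\\VoiceModCrack.exe",
                   "TargetFilename": DROPPED}),
    Event(1, T0 + timedelta(seconds=2),
          {"Image": DROPPED, "ParentImage": "C:\\Users\\alice\\Downloads\\VoiceModCrack.exe"}),
    Event(13, T0 + timedelta(seconds=9),
          {"EventType": "SetValue",
           "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
           "Details": "C:\\Windows\\System32\\vmhook.dll"}),   # invented DLL name
    Event(13, T0 + timedelta(seconds=10),
          {"EventType": "SetValue",
           "TargetObject": f"HKU\\{SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VoiceMod",
           "Details": "C:\\Users\\alice\\AppData\\Roaming\\VoiceMod\\vm.exe"}),
    # Benign control: written to Program Files and started a minute later; must not fire.
    Event(11, T0 + timedelta(minutes=1), {"Image": "C:\\Windows\\System32\\msiexec.exe",
                                          "TargetFilename": "C:\\Program Files\\App\\app.exe"}),
    Event(1, T0 + timedelta(minutes=2), {"Image": "C:\\Program Files\\App\\app.exe",
                                         "ParentImage": "C:\\Windows\\explorer.exe"}),
]


def run_sample():
    """Run the detector over the constructed stream; returns the three expected hits."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for rule, detail in run_sample():
        print(f"{rule}: {detail}")
```

The temp-path restriction is what keeps the first rule usable: "process started from a recently created file" on its own matches every installer and every update, which is why the sandbox lists it as one behaviour among several rather than as a verdict by itself.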
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
base64 fingerprint installer obfuscated overlay packed reconnaissance
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-08-27T16:00:00Z UTC
Last seen:
2025-08-27T16:00:00Z UTC
Hits:
~100
Detections:
Trojan.MSIL.Inject.sb Trojan-Dropper.Win32.Delfea.sb Trojan-Dropper.Win32.Delf.eimp Trojan-Dropper.Win32.Agent.gen HEUR:Trojan.Win32.Generic HEUR:Backdoor.MSIL.Crysan.gen Trojan.Win32.Vimditator.sb Trojan.Win32.Agent.sb
Gathering data
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.91 Win 32 Exe x86
Verdict:
Malicious
Threat:
Trojan-Dropper.Win32.Inject
Threat name:
Win32.Trojan.Zilla
Status:
Malicious
First seen:
2025-08-28 20:07:42 UTC
File Type:
PE (Exe)
Extracted files:
123
AV detection:
35 of 38 (92.11%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Enumerates processes with tasklist
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Verdict:
Malicious
Tags:
Win.Packed.Lazy-10031917-0
YARA:
n/a
Unpacked files
SHA256 hash:
70f7f058d0d3d8f4f282537d00a2468973a6484651e4ac74c008e853ba28ef9a
MD5 hash:
00ae6f2c2902251c4c0cc47e3fce1181
SHA1 hash:
1455827dfa29403e0e10255eb0b1976adcd4d6e0
SHA256 hash:
59ac390eadca30557132791b273aa9e342623a669ba27c8ee81130df462f0074
MD5 hash:
cac917aa15a454197607f70a6c0ed28f
SHA1 hash:
f1b70bf5fb0d0361487e672c022362208e88b890
SHA256 hash:
e55c5995bf8c99d8b9bc618e843030a207278d7833a1e1a9aa03f3a84b177156
MD5 hash:
a74144669ef12e536ed4aa55c9195b46
SHA1 hash:
8c023059b6bea3c2aa2b291069f92ce47b3c33a1
SHA256 hash:
8cd3ec0181a127f15ffa499f0060a15f6efcc2d43f27d3642991571304e69abe
MD5 hash:
76495289ca9f50864fa9e5d9cbeff499
SHA1 hash:
4bc0e30a7047216aac6286f257304551396be589
SHA256 hash:
44b8e6a310564338968158a1ed88c8535dece20acb06c5e22d87953c261dfed0
MD5 hash:
9c8886759e736d3f27674e0fff63d40a
SHA1 hash:
ceff6a7b106c3262d9e8496d2ab319821b100541
Please note that we are no longer able to provide a coverage score for VirusTotal.
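The five SHA256/MD5/SHA1 triples in the "Unpacked files" list are the values a responder would sweep for. Note what not to pivot on: the imphash at the top of the entry is shared with 75 DCRat, 22 njrat and 15 SalatStealer samples because it is computed over the import table of the Inno Setup installer stub that TrID identifies, not over the payload, so it fingerprints the packaging rather than the family. The script below is an added example, not MalwareBazaar tooling: it hashes every file under a directory once and checks all of the listed digests against that table. The digests are copied from this entry; the directory to walk is the only assumption, and the inputs used to exercise it are constructed.

```python
"""Sweep a directory tree for the files in this entry's 'Unpacked files'
table, hashing every file once and checking MD5, SHA1, SHA256 (and the
sample's SHA3-384) together.

Added example; not MalwareBazaar tooling. Digests are copied from the
entry. Stdlib only, so it runs offline. The root to walk is the one
assumption (pass it on the command line).
"""
import hashlib
import os
import sys

# (sha256, md5, sha1) triples exactly as listed under "Unpacked files".
IOC_TRIPLES = [
    ("70f7f058d0d3d8f4f282537d00a2468973a6484651e4ac74c008e853ba28ef9a",
     "00ae6f2c2902251c4c0cc47e3fce1181", "1455827dfa29403e0e10255eb0b1976adcd4d6e0"),
    ("59ac390eadca30557132791b273aa9e342623a669ba27c8ee81130df462f0074",
     "cac917aa15a454197607f70a6c0ed28f", "f1b70bf5fb0d0361487e672c022362208e88b890"),
    ("e55c5995bf8c99d8b9bc618e843030a207278d7833a1e1a9aa03f3a84b177156",
     "a74144669ef12e536ed4aa55c9195b46", "8c023059b6bea3c2aa2b291069f92ce47b3c33a1"),
    ("8cd3ec0181a127f15ffa499f0060a15f6efcc2d43f27d3642991571304e69abe",
     "76495289ca9f50864fa9e5d9cbeff499", "4bc0e30a7047216aac6286f257304551396be589"),
    ("44b8e6a310564338968158a1ed88c8535dece20acb06c5e22d87953c261dfed0",
     "9c8886759e736d3f27674e0fff63d40a", "ceff6a7b106c3262d9e8496d2ab319821b100541"),
]

# One lookup set per algorithm, keyed by lowercase hex digest.
IOCS = {
    "sha256": {t[0] for t in IOC_TRIPLES},
    "md5": {t[1] for t in IOC_TRIPLES},
    "sha1": {t[2] for t in IOC_TRIPLES},
    # SHA3-384 is only published for the top-level sample, copied from the entry header.
    "sha3_384": {"7c39617d4570e61f12a09ec09fe23efff002fa7e24aa0aa717856b4a18983aa8f36cded5d1428e4b62a6c75c93374114"},
}
ALGOS = ("sha256", "md5", "sha1", "sha3_384")


def hash_file(path, chunk_size=1 << 20):
    """Compute all four digests of a file in a single streamed read."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk_size)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_digests(digests, iocs=IOCS):
    """Return [(algorithm, digest), ...] for every algorithm whose digest hits an IOC set.

    All algorithms are reported, not just the first hit: a file matching on
    MD5 or SHA1 but not SHA256 means either a mistyped IOC or a deliberate
    collision, and either deserves a look.
    """
    return [(algo, digests[algo]) for algo in ALGOS
            if digests[algo].lower() in iocs.get(algo, ())]


def sweep(root, iocs=IOCS):
    """Walk `root`; return [(path, [(algo, digest), ...]), ...] for matching files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:  # unreadable or vanished file: skip it, do not abort the sweep
                continue
            hits = match_digests(digests, iocs)
            if hits:
                findings.append((path, hits))
    return findings


if __name__ == "__main__":
    for path, hits in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path)
        for algo, digest in hits:
            print(f"  {algo}: {digest}")
```

Run it as `python sweep.py C:\Users` (or any path) on a host where the installer is suspected to have run; the Inno Setup stub extracts into a per-run directory under %TEMP%, so sweeping user profiles rather than just Downloads is what finds the unpacked pieces listed above.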

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Borland
Author:malware-lu
Rule name:botnet_plaintext_c2
Author:cip
Description:Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
Rule name:CP_AllMal_Detector
Author:DiegoAnalytics
Description:Cross-platform all-malware detector: detects PE, ELF, Mach-O, scripts and archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:FreddyBearDropper
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper drops malware through a base64-encoded PowerShell script.
Rule name:NET
Author:malware-lu
Rule name:NETexecutableMicrosoft
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Rule name:Sus_CMD_Powershell_Usage
Author:XiAnzheng
Description:May contain (obfuscated or not) PowerShell or CMD commands that can be abused by a threat actor (can create FPs)
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Author:XiAnzheng
Description:Checks for overlay, obfuscation, encryption, spoofing, hiding, or entropy techniques (can create FPs)
Rule name:upxHook
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments