MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b70d94fd7da398d1d9a9bb0824bfea4009c441a0852a004fbed4b44c43ee8948. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b70d94fd7da398d1d9a9bb0824bfea4009c441a0852a004fbed4b44c43ee8948
SHA3-384 hash: 1575c4f8977570e5a8b1f5304fb72eca98a0c64f662362b5f58f0273b26fc10d081f7bb5acb55771c1a1b07995a0762e
SHA1 hash: 6e24d3da3b7d96fb9830d3e078664927c6363a84
MD5 hash: c7b7ff298a17a855490b4e2e8a258e9a
humanhash: fillet-west-social-zebra
File name:PO 20-11-2020.pps
Download: download sample
Signature AgentTesla
Create hunting rule
File size:163'328 bytes
First seen:2020-11-20 07:31:21 UTC
Last seen:Never
File type:PowerPoint file ppt
MIME type:application/vnd.ms-powerpoint
ssdeep 1536:QDP0OFmpZ+cMIWNrGWyrrsKrVS09ARtBkxepeWyRKMYEfNjec:M7FmjazkW8vTADYRbljec
TLSH 0EF3C577B9C556BED01B42F8BE1209992B096F18EB4DF9EF10117E8A3EF12430D491DA
Reporter ffforward
Tags:AgentTesla pps

Intelligence

File Origin
# of uploads :
1
# of downloads :
153
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Result
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/544001
Signature
Creates HTML files with .exe extension (expired dropper behavior)
Document contains an embedded VBA macro with suspicious strings
Document exploit detected (process start blacklist hit)
Multi AV Scanner detection for submitted file
Obfuscated command line found
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious Certutil Command
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b70d94fd7da398d1d9a9bb0824bfea4009c441a0852a004fbed4b44c43ee8948/
Threat name:
Document-Word.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-20 07:32:05 UTC
File Type:
Document
Extracted files:
66
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
macro
Link:
https://tria.ge/reports/201120-zclrtnbzd2/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

PowerPoint file ppt b70d94fd7da398d1d9a9bb0824bfea4009c441a0852a004fbed4b44c43ee8948

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments