MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e4e6b2604f324b4f5fcef8a191297f00852bf763fec9f9d7762cf564b528bef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 1 Yara 1 Comments

SHA256 hash: 1e4e6b2604f324b4f5fcef8a191297f00852bf763fec9f9d7762cf564b528bef
SHA3-384 hash: feed46b744db510737ba865b1956de5742a6e111595fef78d65b0d073b8d38ef89c7f79186479fcbfe9d8499cde24451
SHA1 hash: 513023d6a2c721b6320e03238cb3c3ec045d456e
MD5 hash: 03b5f09b442e54ebe2de2b91d19399c9
humanhash: lion-ack-fanta-washington
File name:UOD_0.xls
Download: download sample
Signature TrickBot
File size:383'488 bytes
First seen:2020-06-30 06:21:50 UTC
Last seen:2020-06-30 07:01:22 UTC
File type:Excel file xls
MIME type:application/
ssdeep 6144:xk3hbdlylKsgqopeJBWhZFVE+W2NdAZr3iXm0KyqxE6T58OYbiZw0c7YKN5RVLTZ:emB9E87Xc7YKrRVLlPhPNn
TLSH B984AC96EE15CA26DBE582358F9355E0571EFC0052360B0FAAD1B7373FAE5619E0E0C2
Reporter @abuse_ch
Tags:TrickBot xls

Unknown payload URL:


Mail intelligence No data
# of uploads 2
# of downloads 38
Origin country FR FR
ClamAV TwinWave.EvilDoc.Excel4SetNameBangYourHead.20200628.UNOFFICIAL
CERT.PL MWDB Detection:n/a
ReversingLabs :Status:Malicious
Threat name:Document-Word.Downloader.Encdoc
First seen:2020-06-30 06:23:04 UTC
AV detection:4 of 48 (8.33%)
Threat level:   3/5
Spamhaus Hash Blocklist :Suspicious file
Hatching Triage Score:   1/10
Malware Family:n/a
VirusTotal:Virustotal results 8.20%

Yara Signatures

Rule name:SharedStrings
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Excel file xls 1e4e6b2604f324b4f5fcef8a191297f00852bf763fec9f9d7762cf564b528bef

(this sample)

Delivery method
Distributed via e-mail attachment