MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1eada510670dffe57447c5a786a440c4472e416d6bb9ece2c018526e6447688c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 1eada510670dffe57447c5a786a440c4472e416d6bb9ece2c018526e6447688c
SHA3-384 hash: 73ddb5a0c6faef381958b287d2f415bf4624f9bfd12255f482ff4bbb8d9cb01d650f07ff065aa4367222d1cb367c3010
SHA1 hash: adbdace8847aa3822dd94284337d9f6a9212189b
MD5 hash: f7ba28d76229a780717120f7fd0d6e37
humanhash: lamp-winter-network-cat
File name: Goods_pricelist.xls
Signature: TrickBot
File size: 84'997 bytes
First seen: 2020-06-29 18:04:35 UTC
Last seen: Never
File type: Excel file xls
MIME type: application/vnd.ms-excel
ssdeep 1536:Nk3hOdsylKlgryzc4bNhZFGzE+cL4LgldATm2LWx/or6mKvdw2/aQz2N4:Nk3hOdsylKlgryzc4bNhZFGzE+cL4Lgx
TLSH D6830DE2FB44DA25CAD5CA798FAB52E52316FD01561A4B8773C0B239BFBD1708E0D181
Reporter: @abuse_ch
Tags: TrickBot xls


Twitter
@abuse_ch
Malspam distributing TrickBot:

HELO: smtp93.iad3a.emailsrvr.com
Sending IP: 173.203.187.93
From: Bullimited <rosalba@esa.com.mx>
Subject: Products and services the price rate
Attachment: Goods_pricelist.xls

TrickBot payload URL:
http://45.140.16.6/api_dll.php

Intelligence


Mail intelligence:
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 44
Origin country: US
ClamAV: TwinWave.EvilDoc.Excel4SetNameBangYourHead.20200628.UNOFFICIAL
CERT.PL MWDB:
Detection: n/a
Link: https://mwdb.cert.pl/sample/1eada510670dffe57447c5a786a440c4472e416d6bb9ece2c018526e6447688c/
ReversingLabs:
Status: Benign
Threat name: No data
First seen: 2020-06-29 18:06:04 UTC
AV detection: 1 of 48 (2.08%)
Trust factor:
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage:
Score: 1/10
Malware Family: n/a
Link: https://tria.ge/reports/200629-hdagr9h8v6/
Tags: n/a
VirusTotal: No data

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

Rule name: SUSP_EnableContent_String_Gen
Author: Florian Roth
Description: Detects suspicious string that asks to enable active content in Office Doc
Reference: Internal Research

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

TrickBot

Excel file xls 1eada510670dffe57447c5a786a440c4472e416d6bb9ece2c018526e6447688c

(this sample)

Delivery method: Distributed via e-mail attachment
