MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f1546c28e06698400fdb0c307bc82e4ab74ecac4913cbd106648f17a81e02ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5f1546c28e06698400fdb0c307bc82e4ab74ecac4913cbd106648f17a81e02ff
SHA3-384 hash: 186f40c7dfd6553f0417f727f9e019cbfcbde76cc8acda5959ce65641ba41a5c09d32a2a915232faa2c17bb89e551bb2
SHA1 hash: 7209cc8af3c1704cd35aa5f9650335e50eba09ef
MD5 hash: 74e2a78248c6f0a949f2bcd86d0315c8
humanhash: papa-georgia-three-pluto
File name: scan 0003.xlsm
Signature: n/a
File size: 80'443 bytes
First seen: 2020-07-31 10:34:47 UTC
Last seen: Never
File type: Excel file xlsm
MIME type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep: 1536:4IkV/slzpcUkATocf8LFKDvJtwVD1BSw/+ipXDYpUbL8a7g4:CstuUw1JD1Qw/+ipXDYpaLf
TLSH: 697302305F02AC93C253A7B2A5B64D74514F39518609FB6F792CF6E5840A6F40B5C2EF
Reporter: @abuse_ch
Tags: xlsm


Twitter post by @abuse_ch:
Malspam distributing unidentified malware:

HELO: gasteev.com
Sending IP: 37.49.224.121
From: Jarmila Vymazalová <info@gasteev.com>
Subject: ČOV Vinařice HYDRO order lists
Attachment: scan 0003.xlsm

Unknown payload URL:
https://www.sol-u-ink.com/look/hoga.exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 2 / 100

Behaviour
Behavior Graph: n/a

Threat name: Script-Macro.Downloader.SLoad
Status: Suspicious
First seen: 2020-07-31 10:36:06 UTC
AV detection: 9 of 31 (29.03%)
Threat level: 3/5

Result
Malware family: n/a
Score: 9/10
Tags: n/a

Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Office loads VBA resources, possible macro or embedded object present
Program crash
Executes dropped EXE
Executes dropped EXE
ServiceHost packer

Threat name: Malicious File
Score: 1.00

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Excel file xlsm 5f1546c28e06698400fdb0c307bc82e4ab74ecac4913cbd106648f17a81e02ff (this sample)
Delivery method: Distributed via e-mail attachment

Comments