MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a7269271ab8c721df1f43ac853d4b71cef7e5015696d2bb46f89fcb3ce92160. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 7a7269271ab8c721df1f43ac853d4b71cef7e5015696d2bb46f89fcb3ce92160
SHA3-384 hash: db0eac3ed2a5fd968d69d68986e62538954df97e9a1661da09bf739fd2bf108d5208bcb97c64cc328b3b2ff2e6bc774e
SHA1 hash: c812e11daad5bc081159f5f80979686d08ce59c0
MD5 hash: 2d28a4e03ec3c94fbaa1e3c1c333bd51
humanhash: alanine-pasta-lactose-low
File name: Form_0015135479.xls
Signature: n/a
File size: 251'397 bytes
First seen: 2020-07-31 10:05:04 UTC
Last seen: 2020-07-31 11:09:22 UTC
File type: Excel file xls
MIME type: application/vnd.ms-excel
ssdeep: 6144:Gk3hOdsylKlgryzc4bNhZF+E+W2knA1hlIrcbnOWl5CZuSv:MrNbn1oQg
TLSH: BC3452D5B729DA2ADBA7CBB99E1F16B20715ED02931D47C3A2C0B1397F1D2758E980C0
Reporter: @0xCARNAGE


Twitter
@0xCARNAGE
Has a botched formula and won't execute but is attempting to reach the same payload url as other samples seen today

Intelligence


File Origin
# of uploads: 2
# of downloads: 32
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Result
Threat name: Hidden Macro 4.0
Detection: malicious
Classification: evad
Score: 52 / 100
Signature:
Found abnormal large hidden Excel 4.0 Macro sheet
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Threat name: Document-Word.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-31 10:07:03 UTC
AV detection: 8 of 31 (25.81%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: macro
Behaviour: Suspicious Office macro

Threat name: Malicious File
Score: 1.00

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

Rule name: SUSP_EnableContent_String_Gen
Author: Florian Roth
Description: Detects suspicious string that asks to enable active content in Office Doc
Reference: Internal Research

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Excel file xls 7a7269271ab8c721df1f43ac853d4b71cef7e5015696d2bb46f89fcb3ce92160 (this sample)

Delivery method: Distributed via e-mail attachment
