MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af46cdc24841137fde934d17a1b059d8cf98d9bb480472f8abef75d4d7eca1f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: af46cdc24841137fde934d17a1b059d8cf98d9bb480472f8abef75d4d7eca1f2
SHA3-384 hash: a1e535924eba07f40e0f401d60bd16a8f4673abf97199b9d5da81f81b3a5573c55036d3353c4c1e4f3b978f5c68de0f2
SHA1 hash: 0d0d4222876f54423a2aca8e10f06953aa55aa31
MD5 hash: d60f73a322bd68302ca10708fbb11e36
humanhash: march-may-whiskey-mississippi
File name: order-update.xlsm
Signature: n/a
File size: 80'443 bytes
First seen: 2020-07-31 11:42:29 UTC
Last seen: Never
File type: Excel file xlsm
MIME type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep: 1536:N/slzpcUkATocf8LFKDvJtwVD1BSw/+ipXDYpUbL85FG:5stuUw1JD1Qw/+ipXDYpaLV
TLSH: 6E7302B05F039C96C113D377A1BB4D20144E39424609FB6B2A24ABE6990D7B906AC3EB
Reporter: @abuse_ch
Tags: xlsm


Twitter
@abuse_ch
Unknown payload URL: http://185.172.110.210/focm/myte.exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence

Result
Threat name: Unknown
Detection: malicious
Classification: expl
Score: 52 / 100
Signature
Creates HTML files with .exe extension (expired dropper behavior)
Document exploit detected (creates forbidden files)

Threat name: Document-Office.Downloader.SLoad
Status: Suspicious
First seen: 2020-07-30 19:12:42 UTC
AV detection: 8 of 31 (25.81%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Checks processor information in registry
Enumerates system info in registry
Office loads VBA resources, possible macro or embedded object present

Threat name: Dropper
Score: 0.80

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments