MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3e6f290c2bb3453ca9c6eca018c3256d5a4e0e8bf3ab26316d904f3dfa82c23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 2 Yara 2 Comments

SHA256 hash: d3e6f290c2bb3453ca9c6eca018c3256d5a4e0e8bf3ab26316d904f3dfa82c23
SHA3-384 hash: eb7e613c5990fbe2af21d5de53da511aa22ee60ace9f99b20ca08700beadfc2fab0003882bf43b2bbc23572d4ba94688
SHA1 hash: f6f89dd11b43563abfbe19572d61168ab95825ee
MD5 hash: 19e4dc06d4ccb13ede93bd8a3f115848
humanhash: floor-bulldog-crazy-equal
File name:StolenImagesEvidence.xlsm
Download: download sample
Signature BuerLoader
File size:2'780'836 bytes
First seen:2020-06-30 02:03:10 UTC
Last seen:Never
File type:Excel file xlsm
MIME type:application/octet-stream
ssdeep 768:ku877ujWMhngATbrmLCCEhFvBOGmm9JKDLWyV2ZA8fQ0nItejELLHKvCHOXc4:kx77ujWMESIO41V2Zc0nIcjELcCHm
TLSH 7FD53325F5277616C5E7D53801E227B2B37B543B48025F962BF68B381CC67F42786E48
Reporter @makflwana
Tags:AUS BuerLoader


Mail intelligence No data
# of uploads 1
# of downloads 31
Origin country AU AU
ClamAV TwinWave.EvilDoc.ExcelSploitPlainSong.20200420.UNOFFICIAL
CERT.PL MWDB Detection:n/a
ReversingLabs :Status:Malicious
Threat name:Document-Word.Trojan.Rdn
First seen:2020-06-30 02:05:05 UTC
AV detection:16 of 31 (51.61%)
Threat level:   2/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:n/a
VirusTotal:Virustotal results 30.00%

Yara Signatures

Rule name:SharedStrings
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples
Rule name:win_buer_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.


Excel file xlsm d3e6f290c2bb3453ca9c6eca018c3256d5a4e0e8bf3ab26316d904f3dfa82c23

(this sample)