MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e96df946a5b326c879909e8f903f07714af2a3a206d642337d733a9a83d38516. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SilentBuilder


Vendor detections: 5


Intelligence 5 File information Yara Comments
Add tag Delete this sample Report a False Positive

SHA256 hash: e96df946a5b326c879909e8f903f07714af2a3a206d642337d733a9a83d38516
SHA3-384 hash: 1b35ff0baa1bfdb61c2e70a1a58b7e05ded236e17f3bda3c62e808d2beffaa867e1769911d778ba477f2b8e2bc81deb7
SHA1 hash: 861ad9c8a91baf5a4fd3e9087109140534cc2225
MD5 hash: df13732464da151ff054e5b75d2b68f1
humanhash: seventeen-carolina-blue-july
File name:critical 36.zip
Download: download sample
Signature SilentBuilder
Create hunting rule
File size:15'648 bytes
First seen:2021-02-22 19:11:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 192:QIzg1znZqToaaTOvSbHJ2OHnFPopJ5s6luRWqhuDSzjAWUvvKLJrd0VpGvpcesi:Qr1F4qTNbHJJHWpJ5sTWqNzjnUaLDyda
TLSH 3C62C077245E6A39F8185E344740E75BB1524F2D788317CE5F6520039B93FADE832749
Reporter @abuse_ch
Tags:SilentBuilder zip


Twitter
@abuse_ch
Malspam distributing SilentBuilder:

HELO: cpanel.simplypos.org.in
Sending IP: 72.15.201.31
From: Royce <maynard39@production.offline.simplypos.org.in>
Subject: [Home Depot Survey] Share your opinion and claim your gift!_________#003
Attachment: critical 36.zip (contains "document-1915351743.xls")

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
US US
Mail intelligence
Geo location:
Global
Volume:
Low
Vendor Threat Intelligence
Detection(s):
TwinWave.EvilDoc.QakbotTheDuck.20200928.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.Excel4MagicPalmersArcade.20201207.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.Excel4MacroLuresWatchingTheDectives.20210115.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.Excel4DragoTrainingMontage.20210204.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.EvilDoc.Excel4EnjoyTheSilence.20210212.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.QakySoWacky.M2.20210218.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/e96df946a5b326c879909e8f903f07714af2a3a206d642337d733a9a83d38516
Details
Autostarting Excel Macro Sheet
Excel contains Macrosheet logic that will trigger automatically upon document open.
Detection:
n/a
Create hunting rule
Link:
https://mwdb.cert.pl/sample/e96df946a5b326c879909e8f903f07714af2a3a206d642337d733a9a83d38516/
Threat name:
Document-Word.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2021-02-22 19:12:08 UTC
AV detection:
16 of 47 (34.04%)
Threat level
  5/5
Detection(s):
Malicious file
Link:
https://www.spamhaus.org/query/hash/5fw7srvfwmtmq6mqt2hzapyhoffpfi5ca3leem35om5jva6tqula._file
Threat name:
Kryptik
Score:
1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SilentBuilder

zip e96df946a5b326c879909e8f903f07714af2a3a206d642337d733a9a83d38516

(this sample)

SilentBuilder

Excel file xls 21944a6a3c05598d1cdc6893c982e22d81344ff8bc8225811691512976aa6bcc

  
Dropping
MD5 976d437fbf1c1598413411d366092cb6
  
Dropping
SilentBuilder
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 21944a6a3c05598d1cdc6893c982e22d81344ff8bc8225811691512976aa6bcc

Comments