MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 00e0e640564424b2b9ab9b9d4d25ef201679cd9d90002a7ab9bc9210d1ef5fc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 00e0e640564424b2b9ab9b9d4d25ef201679cd9d90002a7ab9bc9210d1ef5fc5 |
|---|---|
| SHA3-384 hash: | 27869faa517a75a128abcfa886315b7326a78d7d2399321f46325ed4f4548908b2ec44ca8445bee1b09134efba59e94a |
| SHA1 hash: | 9b03534a0a0afa6ece6ee5ff004445540bd6f2b7 |
| MD5 hash: | 5d71cffb8c373f93aa78a1cd4ec84180 |
| humanhash: | seven-princess-zulu-cat |
| File name: | AS_1812803127.zip |
| Download: | download sample |
| File size: | 946'287 bytes |
| First seen: | 2022-04-14 07:59:34 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 24576:QOJyMd2N2S2+JgN+9ftNcngOHMhnpKwFet4:QOkFPoA3rCy |
| TLSH | T1D715330CC21374C87B4D28911E592BE66C8A6536494B76D313C65831B736EBCCFBADAC |
| TrID | 80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1) |
| Reporter | |
| Tags: | zip |
Intelligence
File Origin
# of uploads :
1
# of downloads :
235
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
TwinWave.EvilDoc.SilentInvasion.20210310.UNOFFICIAL
SecuriteInfo.com.Heur.7656.24803.UNOFFICIAL
TwinWave.EvilDoc.XL4DataopItWasGoodLivingWithYou.20220118.UNOFFICIAL
SecuriteInfo.com.Heur.24777.3553.UNOFFICIAL
TwinWave.EvilDoc.XL4DataopItWasGoodLivingWithYou.20211109.UNOFFICIAL
TwinWave.EvilDoc.XL4QakyFeaturingNothingNowhere.M2.20220215.UNOFFICIAL
SecuriteInfo.com.Heur.9348.31129.UNOFFICIAL
TwinWave.EvilDoc.DataOpGodGaveRockNRoll2U.20211215.UNOFFICIAL
SecuriteInfo.com.Heur.12925.14522.UNOFFICIAL
TwinWave.EvilDoc.XL4QakyFeaturingNothingNowhere.M2.20210611.UNOFFICIAL
SecuriteInfo.com.Heur.7656.24803.UNOFFICIAL
TwinWave.EvilDoc.XL4DataopItWasGoodLivingWithYou.20220118.UNOFFICIAL
SecuriteInfo.com.Heur.24777.3553.UNOFFICIAL
TwinWave.EvilDoc.XL4DataopItWasGoodLivingWithYou.20211109.UNOFFICIAL
TwinWave.EvilDoc.XL4QakyFeaturingNothingNowhere.M2.20220215.UNOFFICIAL
SecuriteInfo.com.Heur.9348.31129.UNOFFICIAL
TwinWave.EvilDoc.DataOpGodGaveRockNRoll2U.20211215.UNOFFICIAL
SecuriteInfo.com.Heur.12925.14522.UNOFFICIAL
TwinWave.EvilDoc.XL4QakyFeaturingNothingNowhere.M2.20210611.UNOFFICIAL
Result
Verdict:
Malicious
File Type:
OOXML Excel File with Excel4Macro
Document image
Image:
Verdict:
No Threat
Threat level:
2/10
Confidence:
100%
Tags:
stripped
Result
Verdict:
MALICIOUS
Link:
Threat name:
Document-Office.Backdoor.Quakbot
Status:
Malicious
First seen:
2022-04-14 08:00:10 UTC
File Type:
Binary (Archive)
Extracted files:
76
AV detection:
9 of 42 (21.43%)
Threat level:
5/5
Result
Malware family:
n/a
Score:
10/10
Tags:
n/a
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Process spawned unexpected child process
Malware Config
Dropper Extraction:
https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png
https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png
https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png
https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.84
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Distributed via e-mail link
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.