MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00e0e640564424b2b9ab9b9d4d25ef201679cd9d90002a7ab9bc9210d1ef5fc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	00e0e640564424b2b9ab9b9d4d25ef201679cd9d90002a7ab9bc9210d1ef5fc5
SHA3-384 hash:	27869faa517a75a128abcfa886315b7326a78d7d2399321f46325ed4f4548908b2ec44ca8445bee1b09134efba59e94a
SHA1 hash:	9b03534a0a0afa6ece6ee5ff004445540bd6f2b7
MD5 hash:	5d71cffb8c373f93aa78a1cd4ec84180
humanhash:	seven-princess-zulu-cat
File name:	AS_1812803127.zip
Download:	download sample
File size:	946'287 bytes
First seen:	2022-04-14 07:59:34 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:QOJyMd2N2S2+JgN+9ftNcngOHMhnpKwFet4:QOkFPoA3rCy
TLSH	T1D715330CC21374C87B4D28911E592BE66C8A6536494B76D313C65831B736EBCCFBADAC
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	VaudCERT
Tags:	zip

Intelligence

File Origin

# of uploads :

# of downloads :

235

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

TwinWave.EvilDoc.SilentInvasion.20210310.UNOFFICIAL

SecuriteInfo.com.Heur.7656.24803.UNOFFICIAL

TwinWave.EvilDoc.XL4DataopItWasGoodLivingWithYou.20220118.UNOFFICIAL

SecuriteInfo.com.Heur.24777.3553.UNOFFICIAL

TwinWave.EvilDoc.XL4DataopItWasGoodLivingWithYou.20211109.UNOFFICIAL

TwinWave.EvilDoc.XL4QakyFeaturingNothingNowhere.M2.20220215.UNOFFICIAL

SecuriteInfo.com.Heur.9348.31129.UNOFFICIAL

TwinWave.EvilDoc.DataOpGodGaveRockNRoll2U.20211215.UNOFFICIAL

SecuriteInfo.com.Heur.12925.14522.UNOFFICIAL

TwinWave.EvilDoc.XL4QakyFeaturingNothingNowhere.M2.20210611.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

OOXML Excel File with Excel4Macro

Link:

https://app.docguard.net/00e0e640564424b2b9ab9b9d4d25ef201679cd9d90002a7ab9bc9210d1ef5fc5/results/dashboard

Document image

Image:

Download PNG

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

stripped

Link:

https://www.filescan.io/uploads/6257d485eab80a7a6c111147/reports/fc52d31a-bd44-4bf7-af70-8b6ef611fee1/overview

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/00e0e640564424b2b9ab9b9d4d25ef201679cd9d90002a7ab9bc9210d1ef5fc5

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/00e0e640564424b2b9ab9b9d4d25ef201679cd9d90002a7ab9bc9210d1ef5fc5/

Threat name:

Document-Office.Backdoor.Quakbot

Status:

Malicious

First seen:

2022-04-14 08:00:10 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

9 of 42 (21.43%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/220414-jvzkcaagep/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Process spawned unexpected child process

Malware Config

Dropper Extraction:

https://maramaabroo.com/XGLCPZf6et/Cvnhfn.png
https://natalespatagonia.cl/w2X7dAxp/Cvnhfn.png
https://camarajocaclaudino.pb.gov.br/5jajRnhLV0/Cvnhfn.png

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.84

Link:

https://yomi.yoroi.company/submissions/00e0e640564424b2b9ab9b9d4d25ef201679cd9d90002a7ab9bc9210d1ef5fc5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

URLhaus

https://urlhaus.abuse.ch/url/2144622/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample