MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ee03cc5f9b8111e270aaf8a7bd92568e6604efdfda8d124d67892fa5d4690cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0ee03cc5f9b8111e270aaf8a7bd92568e6604efdfda8d124d67892fa5d4690cf
SHA3-384 hash: a362fb6e5ecdeedaed77b8e8d038abfdb0d1b7cda7ecaa796d81a749781db8f8373ea7fcd50409e5135cc0ed56dcc73d
SHA1 hash: b6e9b512573dd3b14ce44b7efc5f70a00cd114a4
MD5 hash: 8b601d974e8316f43171f0c9d62f806b
humanhash: happy-uniform-muppet-mango
File name:SecuriteInfo.com.VB.Trojan.Valyria.4194.179.28861
Download: download sample
File size:71'168 bytes
First seen:2021-04-08 17:23:07 UTC
Last seen:Never
File type:PowerPoint file ppt
MIME type:application/vnd.ms-powerpoint
ssdeep 192:n8mBXz5nYjmBp/3seb3mMOhAWYixeeHIIuneI6hYrfHHI5fsySl80Jgwq/1:8+nYjmP/x3VOhPJx/HIIaTotsySl8v1
TLSH D2630B1CF279E787D1540A3D5B8792AA22283CA16E4972F731C833FFDE36642B81D615
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
161
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.VB.Trojan.Valyria.4194.179.28861
Verdict:
No threats detected
Analysis date:
2021-04-08 17:26:59 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9b8a3f43-cde5-4542-b247-9b416c012548

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.VB.Trojan.Valyria.4194.179.28861.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Result
Verdict:
Suspicious
File Type:
Legacy PowerPoint File with Macro
Link:
https://app.docguard.net/0ee03cc5f9b8111e270aaf8a7bd92568e6604efdfda8d124d67892fa5d4690cf/results/dashboard
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/0ee03cc5f9b8111e270aaf8a7bd92568e6604efdfda8d124d67892fa5d4690cf
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/670612
Signature
Document contains an embedded VBA with many string operations indicating source code obfuscation
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0ee03cc5f9b8111e270aaf8a7bd92568e6604efdfda8d124d67892fa5d4690cf/
Threat name:
Script-Macro.Trojan.Valyria
Create hunting rule
Status:
Malicious
First seen:
2021-04-08 05:00:50 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
macro macro_on_action xlm
Link:
https://tria.ge/reports/210408-afd22f9g2a/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/0ee03cc5f9b8111e270aaf8a7bd92568e6604efdfda8d124d67892fa5d4690cf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments