MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd
SHA3-384 hash: 2f2406ab79d16bd8e98dfa4720b8977d25712b881a3b5d6cbd12dd18f474a4771212ab331422f155eab5c028900e86c1
SHA1 hash: 1f90faffb3b9e845463ca9f258220c6d8c33a87f
MD5 hash: 2b8c34d95efab926971d15fb3d5597f1
humanhash: happy-bulldog-glucose-network
File name:company regitration.xll
Download: download sample
File size:562'688 bytes
First seen:2022-02-22 06:20:15 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 12288:Un/zDvGHAykH8vLW/4+8bzbBSreMdsBY4ZyrE7K3yl8PeVooA/AB2LEJZWiAQPUG:2zbGHAzHKjX1HBY4ZyrE7K3yl8PeVoo/
Threatray 43 similar samples on MalwareBazaar
TLSH T1A7C47E57F7DBF6B0E6FE827A86F1851C52B774620260A78F664072886D22392453DF0F
Reporter cocaman
Tags:xll


Avatar
cocaman
Malicious email (T1566.001)
From: "Alexander V. Pyntikov <alexander.pyntikov@inforcegroup.com>" (likely spoofed)
Received: "from sona0.sonangolshpping.com (cloud-1a8100.managed-vps.net [78.128.8.50]) "
Date: "21 Feb 2022 13:58:45 +0100"
Subject: "Re:New offer request"
Attachment: "company regitration.xll"

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
company regitration.xll
Verdict:
No threats detected
Analysis date:
2022-02-21 11:11:53 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/241e1c2c-2770-49f9-8584-7441a043e9e0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed packed wacatac
Link:
https://www.filescan.io/uploads/621480d4a2660f3bb92274c7/reports/7cbf0f85-7b03-44f5-b34e-36a2e4ed6d4f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd/
Threat name:
ByteCode-MSIL.Trojan.ExcelAddin
Create hunting rule
Status:
Malicious
First seen:
2022-02-22 01:59:00 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ck3unqfvkvxpis7iapaoxn637tf2zu5e7dprw6b5i4ykgejattoq._file
Verdict:
malicious
Similar samples:
1c7e66126306537a453d7a792978464aa8ad5ac2f34bd1fccfffe7e0b9c6d85c
1cbc8581430d4a524a0805f30ce5368340fc943635c76de083527446508027b1
2f617a71f3eaab15248aa9a964c464e71d8ec784417e79c38b5951ddfa39c2de
30980176792fc176767dfd338ef7fd0b73f04b66cd63e1e3b0bbf485bc064ed4
864b3cc362f84975007a63ae6f7fa6b4bdcc06f4459195896ebee385443ed44a
b434e54b1f162ec9a1f9e943e8829069c8e91ff4998acdb6f0e5aa34ceee1cc4
dcb880afbaa7e57f574b4e08595ef2c1ac7100a695359c1edc9af535d7f9e64f
e0a8a096299e8b28d1166af3321045635294e03227d45515f5c48f4fd38e943b
e8ec7dcf12edf07c6099157c32557f41ebd74ddee6b125d1e34dcc4259dc10a7
+ 33 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220222-g4b5asdeb5/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Drops file in Windows directory
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Excel file xll 12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments