MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30980176792fc176767dfd338ef7fd0b73f04b66cd63e1e3b0bbf485bc064ed4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 30980176792fc176767dfd338ef7fd0b73f04b66cd63e1e3b0bbf485bc064ed4
SHA3-384 hash: 30bda2a271c9d2a90bdbc14cd8dd61602113a4c1b5c519ee118a8ac69189ae7565c201d7492f7cb097ecdb22eb900b12
SHA1 hash: 487544a52db678bb99208df6c7a1bbbfd28caa31
MD5 hash: e3ba01211662f2a72b070ed82ba70dab
humanhash: emma-florida-alanine-harry
File name:scanned copy.xll
Download: download sample
File size:584'704 bytes
First seen:2022-02-15 02:15:00 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 12288:Un/zDvGHAykHSzLW/4+8bzbBSreMdsozgFK/UqW:2zbGHAzHAjX1WcL
Threatray 34 similar samples on MalwareBazaar
TLSH T114C48D57F7C7FAB0E6BE827A86B1891C527774520260A78F674072896D23392493DF0F
Reporter abuse_ch
Tags:xll

Intelligence

File Origin
# of uploads :
1
# of downloads :
138
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/30980176792fc176767dfd338ef7fd0b73f04b66cd63e1e3b0bbf485bc064ed4/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/620b0caea2660f3bb9d58680/reports/c5813e85-eb1c-4ec5-9e65-a55e3fa8e3e4/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/30980176792fc176767dfd338ef7fd0b73f04b66cd63e1e3b0bbf485bc064ed4/
Threat name:
ByteCode-MSIL.Trojan.ExcelAddin
Create hunting rule
Status:
Malicious
First seen:
2022-02-15 02:15:13 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gcmac5tzf7axm5t57uzy5575bnz7as3gzvr6dy5qxp2ilpagj3ka._file
Verdict:
malicious
Similar samples:
02f05760666bda9018b95e442486c504cb67f02f5603406be55effc6dbf5c592
1c7e66126306537a453d7a792978464aa8ad5ac2f34bd1fccfffe7e0b9c6d85c
1cbc8581430d4a524a0805f30ce5368340fc943635c76de083527446508027b1
882312787d62f8bbebd46a7ce54207ec7eced13335de9ce6ae75a0a1e52dcb09
bac03f9b60b043b72ae8548b8915dd6058c71b6beae23652389b0cb9310af91d
ce5c54ac577153e15fb793c022b54fb473752b876525111d6aac97369e72e85e
e01271da5d003c2c0c47314e9bf83fc66e2329c27e7febd768db1a4ecc45aedb
e8ec7dcf12edf07c6099157c32557f41ebd74ddee6b125d1e34dcc4259dc10a7
f62a1c42d31a2665f1fe2ecec1895645750529f6eb9ce4a3421439bd1bff3171
fc80f7f615d4130160c30ec1c8e4cd885a7f42978ead2509cfdd350ad3547882
+ 24 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/220215-cpk2facbcj/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Loads dropped DLL
Downloads MZ/PE file
Executes dropped EXE
suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/30980176792fc176767dfd338ef7fd0b73f04b66cd63e1e3b0bbf485bc064ed4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments