MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f1ff93cf4eb1ec53402b5bb959a6fd1d4c94fed041606a39d7b334b699514ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 5f1ff93cf4eb1ec53402b5bb959a6fd1d4c94fed041606a39d7b334b699514ec
SHA3-384 hash: 36e0b7d5f1fdc91c9c322a6db8291ab79dcb9d9105f49906e5c3024a5593f996d664873d31d4f105721fbfa9c71bb822
SHA1 hash: 419cf72cb631dafbc2a8e219e9e2d2d571d34b7d
MD5 hash: 85b455f61c679d481ff562b4454c78ac
humanhash: failed-michigan-arizona-nevada
File name: Approval August Orders.xll
File size: 706'048 bytes
First seen: 2021-09-05 07:33:09 UTC
Last seen: 2021-09-05 09:16:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 946c7b5f0ac6d3a47863eb46459f9075
ssdeep: 12288:HHGqRJHO4pMetgC8bzbBSregUIVgFK/UqWgqUAS:HZRJHvkJX1IcLg5V
Threatray: 3 similar samples on MalwareBazaar
TLSH: T169E4AF67F3D7F6B4E6BF827A86B1C92C5276745602B0938E774075892D22392493CB0F
Reporter: cocaman
Tags: exe xll

Intelligence


File Origin
# of uploads: 9
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: August Orders.xll
Verdict: No threats detected
Analysis date: 2021-09-01 18:46:21 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Threat name: ByteCode-MSIL.Trojan.Tnega
Status: Malicious
First seen: 2021-09-01 14:45:13 UTC
File Type: PE+ (Dll)
Extracted files: 2
AV detection: 23 of 43 (53.49%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SHA256 hash: 5f1ff93cf4eb1ec53402b5bb959a6fd1d4c94fed041606a39d7b334b699514ec
MD5 hash: 85b455f61c679d481ff562b4454c78ac
SHA1 hash: 419cf72cb631dafbc2a8e219e9e2d2d571d34b7d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 5f1ff93cf4eb1ec53402b5bb959a6fd1d4c94fed041606a39d7b334b699514ec

(this sample)