MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 604783822f1708e5b7e8ad05a3d598cab03ccd6c702cc213709346938c0b8e97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 604783822f1708e5b7e8ad05a3d598cab03ccd6c702cc213709346938c0b8e97
SHA3-384 hash: 41109db0437c36901a5081fe9724fef8f13c105b0961ccfba0fbd40883f5d7b1df717fc2d82109e5e40234826dd2c088
SHA1 hash: d8a873029a5b5827c798b91ac1afbc6dd462c2cd
MD5 hash: 06fa81bea7a5eb7c241505e782acf0f4
humanhash: whiskey-stairway-nuts-oscar
File name:PACKING LIST-xlsx.xll
Download: download sample
File size:652'288 bytes
First seen:2022-04-16 06:11:47 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash be710ba34b048ab0098050ccf62e369c (18 x Formbook, 14 x Dridex, 9 x AgentTesla)
ssdeep 12288:D0Ws7IMtR4yVld8bzbBSrenVLgFK/UqW1:D0bdkX1FbcL
Threatray 112 similar samples on MalwareBazaar
TLSH T142D46C55BECA6EA1EFBF47BB8361D62D0226735D03A1A6CF360305993951FC2453EA03
TrID 58.0% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
34.3% (.OCX) Windows ActiveX control (116521/4/18)
3.0% (.EXE) Win64 Executable (generic) (10523/12/4)
1.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.3% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:xll

Intelligence

File Origin
# of uploads :
1
# of downloads :
285
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PACKING LIST-xlsx.xll
Verdict:
No threats detected
Analysis date:
2022-04-16 06:17:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4c7d9e55-bf12-423c-a177-0b2351b5ff10

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.DownloaderNET.312.27193.19952.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/604783822f1708e5b7e8ad05a3d598cab03ccd6c702cc213709346938c0b8e97/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware packed packed
Link:
https://www.filescan.io/uploads/625a5e35eab80a7a6c230af8/reports/690d34e7-6020-4aad-8785-cbc078ce2b18/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/604783822f1708e5b7e8ad05a3d598cab03ccd6c702cc213709346938c0b8e97/
Threat name:
ByteCode-MSIL.Trojan.ExcelAddin
Create hunting rule
Status:
Malicious
First seen:
2022-04-15 14:20:01 UTC
File Type:
PE (Dll)
Extracted files:
3
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mbdyharpc4eoln7ivuc2hvmyzkydztlmoawmee3qsndjhdalr2lq._file
Verdict:
unknown
Similar samples:
0d39c74b9b2d8f9f6986b5ca4bba3f47e75e3ec3ee14c6ecf9beb350fb08d56f
727a5978e88a3fd2afd1ae7003cee18e31bd06555718597763908785989d9e85
97e21c7a37cbdb5cff93a18cce5b5495574be821d999e0e876c8be48ab56ca6e
b208a4a53f2622d6c62ecf258987a2038dad2255739f089e8994acc8f6ea0026
b99ee6d1625f7b0c9685c3bb49173c4425e39fbfe6a1a4eb6faf039b1ecbbfb8
cbbfb438d9293b284bd6181e6ede7b2929772817736ff27aef7baa6484daeabd
ce5c54ac577153e15fb793c022b54fb473752b876525111d6aac97369e72e85e
d838c7ad537e71dab1b968088db4b08195429a5ba6c22fdacad992caf27082a0
df22b02f086ac431a0d5687e0b4e96bf57f854bc0f006abb0e8fc67a8d7a7107
fbfaa1c4f9d13a4c6043bc66e71df3304be8bf8eec0277680c65c2bef402513b
+ 102 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220416-gx6qbsdcbl/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/604783822f1708e5b7e8ad05a3d598cab03ccd6c702cc213709346938c0b8e97

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Excel file xll 604783822f1708e5b7e8ad05a3d598cab03ccd6c702cc213709346938c0b8e97

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments