MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
SHA3-384 hash: 5caf3d8a7adfafe76ffafb198ce388e924a879abe689851460ee2084d5baee7b3048e823c16e99dbcfed4896ce8c8989
SHA1 hash: 6e19e1e6f3a7b96cf562c2f6768f92580652d427
MD5 hash: 4ebc548df517cae4c7e3122e9c75ede6
humanhash: apart-wisconsin-tennis-twelve
File name:PURCHASE ORDER AZAS112.xls.xll
Download: download sample
File size:901'120 bytes
First seen:2021-08-02 12:34:26 UTC
Last seen:2021-08-02 15:10:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 24576:/zbGHAzHAjX1BcLgtBoKF0KihRPX0qFNE:/ziHILEV6Fm
Threatray 3 similar samples on MalwareBazaar
TLSH T12415C057F7C7FAB0E6BE867A86B2851C537634920260A78F674076886D23392453DF0F
Reporter lowmal3
Tags:exe xll

Intelligence

File Origin
# of uploads :
4
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PURCHASE ORDER AZAS112.xls.xll
Verdict:
No threats detected
Analysis date:
2021-08-02 12:36:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/49daf9f8-dbd8-49c4-87be-38aa949c7183

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175798/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/585e4245-ea64-42f9-9b94-c329579e3b3b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/825498
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-08-02 12:28:57 UTC
AV detection:
11 of 28 (39.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nrt6dthxpodswhz46jl2ev6xlrezlxahtfcqqd2xrnitk7gnxzkq._file
Verdict:
unknown
Similar samples:
338ffcde4891ef19f8b2974f2a9188e14a90f592322c8fb07acb662b57b35771
7a6f8590d4be989faccb34cd393e713fd80fa17e92d7613f33061d647d0e6d12
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210802-aq81j4z5pe/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
MD5 hash:
4ebc548df517cae4c7e3122e9c75ede6
SHA1 hash:
6e19e1e6f3a7b96cf562c2f6768f92580652d427
Link:
https://www.unpac.me/results/4af610f5-d81f-4907-8fa2-12e02c61544a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/175798/

Comments