MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 727f124333294aaba156840955cbfc6ac7470768c65c1582c5e0dbfcb6f8722f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 727f124333294aaba156840955cbfc6ac7470768c65c1582c5e0dbfcb6f8722f
SHA3-384 hash: f5d2caa5d8de42154cade9ac0b2545a13e872e41ddd28ac32c69fe8bff6a93a59947ec87b9a0ab03458e00678cf52b3e
SHA1 hash: 574dc9c608b637f57f4d11dab02c68b1c7a1506a
MD5 hash: 73dfb4a9c26fa00545c47b2ca81a54eb
humanhash: oregon-king-twelve-bakerloo
File name:Factura 0000000065.xll
Download: download sample
File size:653'824 bytes
First seen:2022-02-22 08:07:54 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash be710ba34b048ab0098050ccf62e369c (18 x Formbook, 14 x Dridex, 9 x AgentTesla)
ssdeep 12288:+0Ws7IMsR4yVld8bzbBSreBBY4ZyrE7K3yl8PeVooA/AB2LEJZsAQPUqjR:+0bskX1xBY4ZyrE7K3yl8PeVooA/AB2f
Threatray 40 similar samples on MalwareBazaar
TLSH T18FD46D55BECA6EA1EFBF47B78361D62D0126736E03A0A6CF6643019D3951FC2453EA03
Reporter abuse_ch
Tags:xll

Intelligence

File Origin
# of uploads :
1
# of downloads :
121
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownloaderNET.312.27193.19952.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/727f124333294aaba156840955cbfc6ac7470768c65c1582c5e0dbfcb6f8722f/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware packed
Link:
https://www.filescan.io/uploads/621499eeac8ad0468b6537a2/reports/ece9d25d-fca8-4d96-a795-89a4111416a4/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/727f124333294aaba156840955cbfc6ac7470768c65c1582c5e0dbfcb6f8722f/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-02-20 02:04:44 UTC
File Type:
PE (Dll)
Extracted files:
2
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oj7reqztfffkxikwqqevls74nlduob3iyzoblawf4dn7znxyoixq._file
Verdict:
malicious
Similar samples:
0c2a4483319382571e9b470d292d0b4bdd4e7e700ff5722a979e4498c147693f
12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd
4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539
864b3cc362f84975007a63ae6f7fa6b4bdcc06f4459195896ebee385443ed44a
983ffa1a7513ab6d015e1c4785bda2a2f20a47bf6091773db9341ebcdaf84e93
9b682330445e8eb6445cc43968e21ae3ffe1b9d8c3ae5210c9a8d12416315d5d
b434e54b1f162ec9a1f9e943e8829069c8e91ff4998acdb6f0e5aa34ceee1cc4
bf3529c3d7d27a23db406da1cae1ab04e4b0c5b14de4aa69d5bb11166e1e5c1f
c61b6512d455398c2ff7fa4450c488e7eaeb8aacc01f732d8204ae302e2cc868
dcb880afbaa7e57f574b4e08595ef2c1ac7100a695359c1edc9af535d7f9e64f
+ 30 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220222-j1ky5sfefr/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Drops file in Windows directory
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/727f124333294aaba156840955cbfc6ac7470768c65c1582c5e0dbfcb6f8722f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments