MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c964794e19b093b78a81da3b8dcafbe3d32153a044c19f6892829ed9ff71f46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c964794e19b093b78a81da3b8dcafbe3d32153a044c19f6892829ed9ff71f46
SHA3-384 hash: 5f065f6e548b80c714da13d94ed97374a0c2fa8969d54708e2ebc2edfcf8aee97b0900a1e018cd60464cdc349197e15c
SHA1 hash: b149e68a48d1fd16d3dd563bd1517f8b031b31c4
MD5 hash: 85ae2d7cd0c312f7fb0c1eeab79f19cf
humanhash: kilo-bulldog-may-glucose
File name:11.xll
Download: download sample
File size:39'360 bytes
First seen:2021-11-15 16:23:20 UTC
Last seen:2021-11-16 11:30:14 UTC
File type:Excel file xll
MIME type:application/x-dosexec
imphash ab08e4629a75b80e4430d16f744bf656 (1 x Heodo)
ssdeep 768:GVt+iRrYS51RNM7Odcse/bqvV3ugE7skOTmYsT4dzQJX3bke+cj6:jiRrY6R27OdWo9ugEfSyvNj6
Threatray 8 similar samples on MalwareBazaar
TLSH T136039E6665582CE3D989177828E72B3F8E50FB23EED56071A0D0D4CBDA49BC31BCC265
Reporter info_sec_ca
Tags:POLE CLEAN LTD xll

Intelligence

File Origin
# of uploads :
2
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Bulz.774921.21567.1975.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/7c964794e19b093b78a81da3b8dcafbe3d32153a044c19f6892829ed9ff71f46/results/dashboard
Payload URLs
URL
File name
http://crl.comodoca.com/AAACertificateServices.crl06
Office Plugin File
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
keylogger overlay packed
Link:
https://www.filescan.io/uploads/619289a5a00afa9663a87ad9/reports/c39a3f3b-77f6-474d-bc76-4cbd5091f1af/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c964794e19b093b78a81da3b8dcafbe3d32153a044c19f6892829ed9ff71f46/
Threat name:
Win32.Trojan.Emotet
Create hunting rule
Status:
Malicious
First seen:
2021-11-15 16:24:06 UTC
AV detection:
22 of 27 (81.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pslepfhbtmetw6fidwr3rxfpxy6tefj2argbt5ujfau63h7xd5da._file
Verdict:
malicious
Similar samples:
27df37e6d4e820e016c55415b4c1ab5732ed402443296e2c547800eae4bf560c
4d52f61961a8e584db24d2162cdcd12781bc4f63e32171964a51410421108401
6b74dc043f9a12823ed98d704e4c8543c9b5d8b9240e65e9d31d2303ab914906
851b9e416b22c80a435f7d11f0298272ad23a4ae49f6fbe23aafa0578c400bd0
a334885a72d65b2920f247d4a15de104e1b020713f08964316e566d8323bd474
d36674d4c3214e0b0560c6e172bb1765e085892959472afdda2f1debda84ca9d
f5fd02ebd2376fd1bc1ff121e9bfda618755a5c049edc8a4288eb67eb1cc7f9b
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211115-twc3vafggq/
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7c964794e19b093b78a81da3b8dcafbe3d32153a044c19f6892829ed9ff71f46

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments