MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8156ce4621048984bce4875898da52376777c2380543fd353de5af5b72c5ebca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	8156ce4621048984bce4875898da52376777c2380543fd353de5af5b72c5ebca
SHA3-384 hash:	ca3e6b185e64586538fbaffc2238f0629f5a0f510ef94332b35b3cb46882a506760fd3d15520c8ac527bfaa9aaa95b71
SHA1 hash:	5fbd19b0234034faa3802ed7cd7fed5b6fb2aaeb
MD5 hash:	37272b75ea6f3a07940ba541acb10bc6
humanhash:	lemon-nuts-indigo-robert
File name:	SecuriteInfo.com.Heur.1340.12595
Download:	download sample
File size:	65'024 bytes
First seen:	2021-04-07 03:49:14 UTC
Last seen:	2021-04-07 03:49:15 UTC
File type:	ppt
MIME type:	application/vnd.ms-powerpoint
ssdeep	384:QP09rFvwQKUawHFQ0ugmYMCNqF7clFo39D:QOv9bQaMCkcjo
TLSH	B753A3187698D219E0264F378ED6D7F63378BC046F8A433B3264332F6E776919A25B50
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

154

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Heur.1340.12595

Verdict:

No threats detected

Analysis date:

2021-04-07 03:51:59 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/0e1e3346-07cc-4df6-a0d7-a51bd6f8a28f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

TwinWave.EvilDoc.ICEDIDOGORiginalGangsterGOMethodsM1.20200923.UNOFFICIAL

TwinWave.EvilDoc.DOCXRSTRGOOD.WSHUUID.210201.UNOFFICIAL

TwinWave.EvilDoc.GETObjectConcatDevilInside.20210406.UNOFFICIAL

SecuriteInfo.com.VB.Trojan.Valyria.4194.25771.7425.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Result

Verdict:

Malicious

File Type:

Legacy PowerPoint File with Macro

Link:

https://app.docguard.net/8156ce4621048984bce4875898da52376777c2380543fd353de5af5b72c5ebca/results/dashboard

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/8156ce4621048984bce4875898da52376777c2380543fd353de5af5b72c5ebca

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/668163

Signature

Document contains an embedded VBA macro which may execute processes

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8156ce4621048984bce4875898da52376777c2380543fd353de5af5b72c5ebca/

Threat name:

Document-Office.Trojan.Valyria

Status:

Malicious

First seen:

2021-04-07 03:50:06 UTC

AV detection:

10 of 48 (20.83%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

8/10

Tags:

macro macro_on_action xlm

Link:

https://tria.ge/reports/210407-6941qs23ds/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/8156ce4621048984bce4875898da52376777c2380543fd353de5af5b72c5ebca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample