MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 904f69a4bed3844273cce1676e8920794815af4c1527e560bbc1bc44b5b8457a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6

SHA256 hash: 904f69a4bed3844273cce1676e8920794815af4c1527e560bbc1bc44b5b8457a
SHA3-384 hash: baa8b70f3d0c5f026c167697c3dc766b8878f3d65de05a2ea0aa72b4f20f11995014a3d9de5743dd264448bf5d75af36
SHA1 hash: 89236d9795f1e8db7d895d0e364dd4768ebc6410
MD5 hash: fba1fd894b9201a11e866ba58c80ae61
humanhash: river-may-arkansas-pizza
File name: OfficeConsultPlugin.exe
File size: 1'501'600 bytes
First seen: 2021-04-08 07:52:52 UTC
Last seen: 2021-04-12 17:19:44 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: e9c0657252137ac61c1eeeba4c021000 (53 x GuLoader, 26 x RedLineStealer, 17 x AgentTesla)
ssdeep: 24576:vdHmODmYHSmdLMB80i8olWKuoDoDNV4DmF60sBpJ8lyvb+Y:vtbSm1MJoFDoDoSFQJAobZ
Threatray: 5 similar samples on MalwareBazaar
TLSH: 946502823185DCDBE04329F208AFD52065B87D9E8165C90E3747BB2BA4E735324AF75E
Reporter: ankit_anubhav

Intelligence

File Origin
# of uploads: 3
# of downloads: 113
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: mal.docm
Verdict: Malicious activity
Analysis date: 2021-04-08 07:47:05 UTC
Tags: macros macros-on-open generated-doc loader buerloader

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Suspicious
Behaviour:
- Sending a UDP request
- Creating a file in the %AppData% subdirectories
- Creating a file in the %AppData% directory
- Creating a file in the %temp% subdirectories
- Unauthorized injection to a recently created process
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: expl.evad
Score: 76 / 100
Signature:
- Contains functionality to behave differently if execute on a Russian/Kazak computer
- Detected unpacking (changes PE section rights)
- Detected unpacking (overwrites its own PE header)
- Machine Learning detection for sample
- Maps a DLL or memory area into another process
- Multi AV Scanner detection for submitted file
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
- Enumerates physical storage devices
- Suspicious use of SetThreadContext
- Enumerates connected drives
- Loads dropped DLL
Unpacked files
SHA256 hash: dba1ba12eb971b71b0d9a216b771e0161cd2311633e6e9a6fd1a17dc2127cbf0
MD5 hash: 0d496c67d24eac015dd7ab2e4cbacd0b
SHA1 hash: 951b043d2f327889bff93258c22dffd99bc2a45c

SHA256 hash: 904f69a4bed3844273cce1676e8920794815af4c1527e560bbc1bc44b5b8457a
MD5 hash: fba1fd894b9201a11e866ba58c80ae61
SHA1 hash: 89236d9795f1e8db7d895d0e364dd4768ebc6410
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.