MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 913830666dd46e96e5ecbecc71e686e3c78d257ec7f5a0d0a451663251715800. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 44 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 913830666dd46e96e5ecbecc71e686e3c78d257ec7f5a0d0a451663251715800
SHA3-384 hash: 97f7a1d06693530d227b412454e06097b68f0029e516a826de81804c4ce5e28962164e119d52bfbc812551bc82854a60
SHA1 hash: 7cb2c5009dc85fa80697ba4678a8545431ba82ad
MD5 hash: 6a0aa1baee0f621768130d8be822d6f0
humanhash: sad-michigan-georgia-tango
File name:Key Data 2023 Quarterly Cambodia Poll Appendix.zip
Download: download sample
File size:1'528'613 bytes
First seen:2024-09-19 14:45:32 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:co3+iL2Wg6DRBWGvke801EWqlbQGLFOEojyMTDp2fcRch9q7jcXLADi:cQL2WgMBdke8pWqlbQG0EobTfcagADi
TLSH T114652357375E6651A66250BC1C132043A2C23F4B6EEE49CC5FDE89B4CEDE9B3319622C
Magika zip
Reporter JAMESWT_WT
Tags:APT37 jumpshare-com zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
576
Origin country :
IT IT
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name:Quarterly Cambodia Poll Appendix.pdf.lnk
File size:2'301'384 bytes
SHA256 hash: cfbd704cab3a8edd64f8bf89da7e352adf92bd187b3a7e4d0634a2dc764262b5
MD5 hash: 23d55b0f6a502c7ed3a70d41272b0732
MIME type:application/octet-stream
File name:Key Data 2023 Quarterly Cambodia Poll Appendix (2).xll
File size:590'336 bytes
SHA256 hash: 7e9f91f0cfe3769df30608a88091ee19bc4cf52e8136157e4e0a5b6530d510ec
MD5 hash: a573c3a5f504fd22c302fbba6af0ab09
MIME type:application/x-dosexec
File name:Key Data 2023 Quarterly Cambodia Poll Appendix(1).xll
File size:675'840 bytes
SHA256 hash: af74d416b65217d0b15163e7b3fd5d0702d65f88b260c269c128739e7e7a4c4d
MD5 hash: ea64d820b7ee387d0e811bca0104d9e4
MIME type:application/x-dosexec
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL
Create hunting rule

Win.Dropper.Detected-9941731-0
Create hunting rule

Win.Dropper.Detected-9943897-0
Create hunting rule

Sanesecurity.Malware.28759.LnkHeur.UNOFFICIAL
Create hunting rule

TwinWave.EvilLNK.FoughtAndLost.20230602.UNOFFICIAL
Create hunting rule

TwinWave.EvilLNK.BackToYou.20230602.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66ec392c77496a3b0d6ef5fe
Tags:
Generic Office Static Stealth Generickd
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm epmicrosoft_visual_cc macros-on-close macros-on-open microsoft_visual_cc packed
Link:
https://www.filescan.io/uploads/66ec39305e9303a29422f8b6/reports/fefa2dcb-302a-4307-9a84-d1cffda679fb/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/913830666dd46e96e5ecbecc71e686e3c78d257ec7f5a0d0a451663251715800
Score:
76%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/913830666dd46e96e5ecbecc71e686e3c78d257ec7f5a0d0a451663251715800
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/913830666dd46e96e5ecbecc71e686e3c78d257ec7f5a0d0a451663251715800/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-05-25 12:04:14 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
20 of 38 (52.63%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=se4daztn2rxjnzpmx3ghdzug4pdy2jl6y722bufekftdeulrlaaa._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery
Link:
https://tria.ge/reports/240919-r5b6sstfkb/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
System Location Discovery: System Language Discovery
Drops startup file
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ClamAV_Emotet_String_Aggregate
Create hunting rule
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Detect_APT29_WINELOADER_Backdoor
Create hunting rule
Author:daniyyell
Description:Detects APT29's WINELOADER backdoor variant used in phishing campaigns, this rule also detect bad pdf,shtml,htm and vbs or maybe more depends
Reference:https://cloud.google.com/blog/topics/threat-intelligence/apt29-wineloader-german-political-parties
Rule name:Detect_Remcos_RAT
Create hunting rule
Author:daniyyell
Description:Detects Remcos RAT payloads and commands
Rule name:EXE_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies executable artefacts in shortcut (LNK) files.
Rule name:Find_Any_Xll_Files
Create hunting rule
Author:David Ledbetter @Ledtech3
Description:Find Any XLL File
Rule name:Hunt_Excel_DNA_Built_XLL_Files
Create hunting rule
Author:David Ledbetter @Ledtech3
Description:Hunt for Excel Addin dll files generated with Excel-DNA builder https://excel-dna.net/
Rule name:Large_filesize_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies shortcut (LNK) file larger than 100KB. Most goodware LNK files are smaller than 100KB.
Rule name:LNK_sospechosos
Create hunting rule
Author:Germán Fernández
Description:Detecta archivos .lnk sospechosos
Rule name:Long_RelativePath_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETDLLMicrosoft
Create hunting rule
Author:malware-lu
Rule name:PDF_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies Adobe Acrobat artefacts in shortcut (LNK) files.
Rule name:PS_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies PowerShell artefacts in shortcut (LNK) files.
Rule name:SUSP_LNK_Big_Link_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspiciously big LNK file - maybe with embedded content
Reference:Internal Research
Rule name:SUSP_LNK_Big_Link_File_RID2EDD
Create hunting rule
Author:Florian Roth
Description:Detects a suspiciously big LNK file - maybe with embedded content
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments