MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93eaa02e5c7c465410e6981da4b4ea3ebd730b8016932d328022da0e8091e763. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93eaa02e5c7c465410e6981da4b4ea3ebd730b8016932d328022da0e8091e763
SHA3-384 hash: c488249e69bccbed44d8077e42a5cc92cb1946c22dda57c667f5bbf96c9ad8e70adc0a666ca3847360640c8b79dc07ce
SHA1 hash: f07967da21be7cb30fd86d3735da16b295f174e8
MD5 hash: a3657a3aa649dc673899054e2d95f7b9
humanhash: sierra-quiet-three-twenty
File name:Pagamento 64.xll
Download: download sample
File size:563'200 bytes
First seen:2022-02-26 08:17:40 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 12288:Sn/zDvGHAykH8vLW/4+8bzbBSreMdDBY4ZyrE7K3yl8PeVooA/AB2LEJZsAQPUqj:QzbGHAzHKjX1kBY4ZyrE7K3yl8PeVoo0
Threatray 68 similar samples on MalwareBazaar
TLSH T12CC47E57F7DBF6B0E6BE827A86F1851C52B774620260A78F664072886D23392453DF0F
Reporter abuse_ch
Tags:xll

Intelligence

File Origin
# of uploads :
1
# of downloads :
198
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-9939833-0
Create hunting rule

SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/93eaa02e5c7c465410e6981da4b4ea3ebd730b8016932d328022da0e8091e763/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed packed
Link:
https://www.filescan.io/uploads/6219e2440cd58dbd9241ccfd/reports/bcc70bc0-7ff6-4fc8-94e2-0c4fcdd6607f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/93eaa02e5c7c465410e6981da4b4ea3ebd730b8016932d328022da0e8091e763/
Threat name:
ByteCode-MSIL.Trojan.ExcelAddin
Create hunting rule
Status:
Malicious
First seen:
2022-02-25 10:22:11 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=spvkals4prdfiehgtao2jnhkh26xgc4ac2js2muaelna5aer45rq._file
Verdict:
unknown
Similar samples:
0838b673be73014ff6e29d784247ad3b44a794dd2134301bb25c8dd0a3f5b0ae
12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd
aba88fbca4bc1906e9602f61b25d48d01cf476d48bda115f317fda930313492c
ade73b7033e024443c9ebffc25a424d3a1fc4e67c674fcd585e9d5d5d2c774a0
b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279
d340898f14aaa9f884b022b4be1b849eae4be5e275432348dc6bcb1fa09e28cb
e230c4b82bc8c591ef3c4c5bccb49baffd3f04230eab9342afa5216ab6fa5d5f
e5013497a297e36f89cc5dc3e369faf27bb9b88684cad53accad8b006433a6c5
+ 58 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/220226-j7bn2saaf8/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/93eaa02e5c7c465410e6981da4b4ea3ebd730b8016932d328022da0e8091e763

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments