MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93fb9f37eb70c095e26cedc594ca55ab27710039d0f4e92878e6539975ae58aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 93fb9f37eb70c095e26cedc594ca55ab27710039d0f4e92878e6539975ae58aa
SHA3-384 hash: 7748ec197a308ab7dadb8c0aa4e596f9691798373c5115bc1a28c22a19352c8ace3e432ef9399e7b1af5401fc065ccc0
SHA1 hash: ba3080868796ca662d6fafa2520717eb3f326cbc
MD5 hash: c7f14dd847fd32910a1942d01adedb77
humanhash: autumn-apart-mike-louisiana
File name: DoubleClick to DOWNLOAD.one
File size: 368'456 bytes
First seen: 2023-01-20 09:35:25 UTC
Last seen: 2023-01-20 09:47:53 UTC
File type: Microsoft OneNote (one)
MIME type: application/octet-stream
ssdeep: 6144:Ih1F0ENUnuswvTXDnr4U2A9nlR9em+TehwmJ3fnlR9em+Te3IXp7huG:/uh7hC
TLSH: T1727470343AB52821C3E8CE3775F10A9259E9164FE0703B5F1A8BC4275A346D1A9B16FF
Reporter: TeamDreier
Tags: one

Intelligence


File Origin
# of uploads: 2
# of downloads: 110
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

Rule name: MALWARE_OneNote_Delivery_Jan23
Author: SECUINFRA Falcon Team (@SI_FalconTeam)
Description: Detects suspicious Microsoft OneNote files used to deliver Malware
Reference: https://twitter.com/James_inthe_box/status/1615421130877329409

Rule name: OneNote_magic
Author: Stuart Gonzalez

Rule name: onenote_maldocs
Author: Stuart Gonzalez

Rule name: QbotStuff
Author: anonymous

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Microsoft OneNote (one) 93fb9f37eb70c095e26cedc594ca55ab27710039d0f4e92878e6539975ae58aa (this sample)

Delivery method: Distributed via e-mail attachment
