MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 983ffa1a7513ab6d015e1c4785bda2a2f20a47bf6091773db9341ebcdaf84e93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 983ffa1a7513ab6d015e1c4785bda2a2f20a47bf6091773db9341ebcdaf84e93
SHA3-384 hash: 1e7374d62194d795b3819802d55bbd92c143e714172e2cf4a05f0edf996fc58014c5d808015c8d0f216c31b78a6af51f
SHA1 hash: 35eea3add93a7b68a24f631fc7283816aaf601a6
MD5 hash: 894439e1761208ccf58302d9e0ceb3ec
humanhash: uniform-eighteen-robin-spaghetti
File name:MOU_99202002FEB.xll
Download: download sample
File size:562'688 bytes
First seen:2022-02-22 09:30:47 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 12288:Un/zDvGHAykH8vLW/4+8bzbBSreMdDBY4ZyrE7K3yl8PeVooA/AB2LEJZ3AQPUqj:2zbGHAzHKjX1YBY4ZyrE7K3yl8PeVoox
Threatray 50 similar samples on MalwareBazaar
TLSH T154C47E57F7DBF6B0E6FE827A86F1851C52B774620260A78F664072886D22392453DF0F
Reporter pr0xylife
Tags:FormBook xll

Intelligence

File Origin
# of uploads :
1
# of downloads :
205
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/983ffa1a7513ab6d015e1c4785bda2a2f20a47bf6091773db9341ebcdaf84e93/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed packed
Link:
https://www.filescan.io/uploads/6214ad5f875593a3cc01dd8d/reports/65e97021-440d-4dbf-979b-2d139e3ae361/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/983ffa1a7513ab6d015e1c4785bda2a2f20a47bf6091773db9341ebcdaf84e93/
Threat name:
ByteCode-MSIL.Trojan.XllDownloader
Create hunting rule
Status:
Malicious
First seen:
2022-02-22 09:31:12 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ta77ugtvcovw2ak6drdylpnculzaur57mcixopnzgqplzwxyj2jq._file
Verdict:
unknown
Similar samples:
0c2a4483319382571e9b470d292d0b4bdd4e7e700ff5722a979e4498c147693f
12b746c0b5556ef44be803c0ebb7dbfccbacd3a4f8df1b783d4730a311209cdd
4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539
727f124333294aaba156840955cbfc6ac7470768c65c1582c5e0dbfcb6f8722f
864b3cc362f84975007a63ae6f7fa6b4bdcc06f4459195896ebee385443ed44a
9b682330445e8eb6445cc43968e21ae3ffe1b9d8c3ae5210c9a8d12416315d5d
b434e54b1f162ec9a1f9e943e8829069c8e91ff4998acdb6f0e5aa34ceee1cc4
bf3529c3d7d27a23db406da1cae1ab04e4b0c5b14de4aa69d5bb11166e1e5c1f
c61b6512d455398c2ff7fa4450c488e7eaeb8aacc01f732d8204ae302e2cc868
+ 40 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220222-lg2tnagchl/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Drops file in Windows directory
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/983ffa1a7513ab6d015e1c4785bda2a2f20a47bf6091773db9341ebcdaf84e93

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments