MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9868de6df835072136d6d92f91bd22457a6bcd21b20ae12c60caef61ebce0371. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	9868de6df835072136d6d92f91bd22457a6bcd21b20ae12c60caef61ebce0371
SHA3-384 hash:	718b75f12676f84b890a4463d965c586a8b2813b81a5576f0e1c2086f518e8e482136efe1aeca58e764c9cb27919cc56
SHA1 hash:	e8bd44cb42e39c88525b0ff326b700ebe45896a7
MD5 hash:	cbdfb82873bf7cf6d19b3978e18f19d4
humanhash:	oscar-high-mexico-kitten
File name:	ApplicationReject-35749852.zip
Download:	download sample
File size:	1'070'424 bytes
First seen:	2022-04-26 19:19:26 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:uLbNtV0iK+395diYQvJ0do1vISWvppCcksry3:CndK5gBp7XG
TLSH	T108353330FD5886EC814BC8AF0816AB4F8FA2DC71F1E1497E4033999E5FAF6CE2162555
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	Nacho_Parra
Tags:	excel maldoc malware zip

Nacho_Parra

Maldoc file

Intelligence

File Origin

# of uploads :

# of downloads :

398

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

Malicious

File Type:

OOXML Excel File with Excel4Macro

Link:

https://app.docguard.net/9868de6df835072136d6d92f91bd22457a6bcd21b20ae12c60caef61ebce0371/results/dashboard

Payload URLs

URL

File name

http://uri.etsi.org/01903#SignedProperties

sig1.xml

Document image

Image:

Download PNG

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

macros-on-open regsvr32 regsvr32.exe

Link:

https://www.filescan.io/uploads/626845e40d3e2bd52d08e71c/reports/259d2841-df45-4f60-b4cf-b49d64f258ca/overview

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/9868de6df835072136d6d92f91bd22457a6bcd21b20ae12c60caef61ebce0371

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9868de6df835072136d6d92f91bd22457a6bcd21b20ae12c60caef61ebce0371/

Threat name:

Script.Trojan.Heuristic

Status:

Malicious

First seen:

2022-04-26 19:20:15 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

6 of 42 (14.29%)

Threat level:

2/5

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/220426-x13qvadgh5/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Process spawned unexpected child process

Malware Config

Dropper Extraction:

http://103.155.93.53/4274619.dat
http://87.236.146.69/4274619.dat
http://94.140.114.172/4274619.dat
http://103.155.93.53/669690671.dat
http://87.236.146.69/669690671.dat
http://94.140.114.172/669690671.dat

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.74

Link:

https://yomi.yoroi.company/submissions/9868de6df835072136d6d92f91bd22457a6bcd21b20ae12c60caef61ebce0371

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Joe Sandbox

https://bjfibra.com/ork/bP1wiN5lpb.zip

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample