MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a334885a72d65b2920f247d4a15de104e1b020713f08964316e566d8323bd474. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: a334885a72d65b2920f247d4a15de104e1b020713f08964316e566d8323bd474
SHA3-384 hash: c26eb6b03a177aaa874d9abee9f6b1b9725fe3a36d3f5c1073d3de81349977bd772c65eff4d83687ebc7638fb750f509
SHA1 hash: f2e2c7866bbd05e1efdd68b1f61e185f9683b0fc
MD5 hash: cdc4ab67f5ba4a05d923a66305dceaac
humanhash: moon-hamper-twelve-two
File name: 8.xll
File size: 39'360 bytes
First seen: 2021-11-15 16:23:16 UTC
Last seen: 2021-11-16 11:30:32 UTC
File type: Excel file xll
MIME type: application/x-dosexec
imphash: ab08e4629a75b80e4430d16f744bf656 (1 x Heodo)
ssdeep: 768:oVt+iRrYS51RNM7Odcse/bqvV3ugE7skOTmYsT4dzQJX3Jke+cO:9iRrY6R27OdWo9ugEfS4vNO
Threatray: 7 similar samples on MalwareBazaar
TLSH: T160039E56251828E3D989177828E72B2F8F50FB23EED56071A0D0D5CBD98ABC31BCC765
Reporter: info_sec_ca
Tags: POLE CLEAN LTD xll

Intelligence


File Origin
# of uploads: 2
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: Office Add-Ins - Suspicious
Payload URLs
URL
File name
http://crl.comodoca.com/AAACertificateServices.crl06
Office Plugin File
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 60%
Tags: keylogger overlay packed

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Emotet
Status: Malicious
First seen: 2021-11-15 16:24:05 UTC
AV detection: 22 of 28 (78.57%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
