MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8e1341bfdd8e918bf97eaa060b01aff4a4ba2a78b24093df89a260fbcc53709. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a8e1341bfdd8e918bf97eaa060b01aff4a4ba2a78b24093df89a260fbcc53709
SHA3-384 hash: 2d5bbe533778a0ad3056e107f505d654b31778f622036578b8d8727a2c0dbaaf543d98dd16048852c32cc0e0c0a41368
SHA1 hash: 84665b57c95be7f4bb0ad403d2f18c7568d6fc46
MD5 hash: 2e60a25c862dff4b1316c5f036f5813c
humanhash: potato-grey-november-aspen
File name:PO2.xll
Download: download sample
File size:652'293 bytes
First seen:2022-04-15 07:03:16 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash be710ba34b048ab0098050ccf62e369c (18 x Formbook, 14 x Dridex, 9 x AgentTesla)
ssdeep 12288:D0Ws7IMtR4yVld8bzbBSreGPMgFK/UqW1:D0bdkX1NcL
Threatray 46 similar samples on MalwareBazaar
TLSH T19ED46C55BECA6EA1EFBF47BB8361D62D0226735D03A1A6CF360305993951FC2453EA03
TrID 58.0% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
34.3% (.OCX) Windows ActiveX control (116521/4/18)
3.0% (.EXE) Win64 Executable (generic) (10523/12/4)
1.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.3% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:xll

Intelligence

File Origin
# of uploads :
1
# of downloads :
360
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PO2.xll
Verdict:
No threats detected
Analysis date:
2022-04-15 07:13:26 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3afc187c-d356-46a4-b32d-de981a221ab6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.DownloaderNET.312.27193.19952.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/a8e1341bfdd8e918bf97eaa060b01aff4a4ba2a78b24093df89a260fbcc53709/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware overlay packed packed
Link:
https://www.filescan.io/uploads/625918e3ffe27d5119d77033/reports/59b6b7a8-2fbc-4b56-bdb6-2628c772c8f5/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a8e1341bfdd8e918bf97eaa060b01aff4a4ba2a78b24093df89a260fbcc53709/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-04-15 07:04:07 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
8 of 25 (32.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0c2a4483319382571e9b470d292d0b4bdd4e7e700ff5722a979e4498c147693f
0d39c74b9b2d8f9f6986b5ca4bba3f47e75e3ec3ee14c6ecf9beb350fb08d56f
4a9683f3b6658f4895cd3d44c4920d77db5dfd410cf0dc188e4f4d2740c24539
5687795956025667a92af458adfc60b32e82df2449a70740c9137609a52726f6
61fe696f1f01753b90b6054fc390025f644a69a8c85a89dc83ac76cae19f79fb
727f124333294aaba156840955cbfc6ac7470768c65c1582c5e0dbfcb6f8722f
b208a4a53f2622d6c62ecf258987a2038dad2255739f089e8994acc8f6ea0026
c939ce949377b0bda7de743d59d8495fe403f35dac0bce0cf4972bf1c42484a3
ce5c54ac577153e15fb793c022b54fb473752b876525111d6aac97369e72e85e
df22b02f086ac431a0d5687e0b4e96bf57f854bc0f006abb0e8fc67a8d7a7107
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220415-hvk7aadfc2/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Process spawned suspicious child process
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a8e1341bfdd8e918bf97eaa060b01aff4a4ba2a78b24093df89a260fbcc53709

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:t0_1
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments