MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acfeafcddb547e43afb1abca9705a71823e995eaf0a2b6607cf6663950eb5bbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: acfeafcddb547e43afb1abca9705a71823e995eaf0a2b6607cf6663950eb5bbf
SHA3-384 hash: f5d02f3a890cea18c16db75a8bf88a80eff0fa8d5ec9861d414860a690d2ba657f665e698b3a47699d29c894a9fd0928
SHA1 hash: 0b9ff8f5bf54c2495ee171f4b9a7549db4b61f0e
MD5 hash: 460fed00a9310ddcded9f734160a4a3c
humanhash: mango-gee-delaware-mike
File name:INVOICE.doc
Download: download sample
File size:4'081 bytes
First seen:2020-05-12 11:16:55 UTC
Last seen:Never
File type:Word file doc
MIME type:text/rtf
ssdeep 96:TJJArALOHFkLLsgVYv0yDeJoJFrTzzdyx9pQAbd9RjGvq2VHe:crQOHY4B02zTzYx9pQAbdAr+
Threatray 439 similar samples on MalwareBazaar
TLSH 7F81C7B91B8C0486C186DEA7D941FF735343F67AA6DB0E80332FF0720A2F1426675696
Reporter cocaman
Tags:doc


Avatar
cocaman
Malicious email
From: "Aayushi Dubey" <mktg@crimsonintl.com>
Received: from crimsonintl.com (unknown [37.49.230.215])
Date: 12 May 2020 13:15:45 +0200
Subject: RE: INVOICE CONFIRMATION
Attachment: INVOICE.doc

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27301.RtfHeur.BadVer.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.FakeRTF-2.UNOFFICIAL
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/355332
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Document-Word.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 03:17:40 UTC
File Type:
Document
Extracted files:
4
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
069f0dc72189e7faf5278aabd6ba9f53c386023f9d7d8ab863896e43f6a4e456
2120cc9b71de9e66d9450987334dbf4543968a758162c131ca598a60b86f22ce
343873155b6950386f7d9bcd8d2b2e81088521aedf8ff1333d20229426d8145c
5c826e35fe48ce5410e9c553242a83e71b2408a57d3256bcd0bd4334412010b0
61ab7d6bc7b5b5a3f90635ed4208d0528155a4283b1deb656e194caf198cba80
94581916a6f0f8c4c0e9238fb1ec9ee8f44035e750f7a41115e68ebe526e6ee4
9c5b8535e2ac554768c5cfc3d655a3aed7647fe2280e66161a516296eb5a5918
ae827e126c9f242564090fd5cb50ab392d61eae0f8dc1d43654bcb16aeeadc2e
b1bbfa891537ee3acffe84ec8a7ebd4537170218372be4727d74c6c31ee4a546
c7c057a2a841138af9f5e5d0919aa2099c27453600d87c3186896836ba812399
+ 429 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-mvbfq7t3vn/
Behaviour
Launches Equation Editor
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Office loads VBA resources, possible macro or embedded object present
Drops file in Windows directory
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SharedStrings
Create hunting rule
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Word file doc acfeafcddb547e43afb1abca9705a71823e995eaf0a2b6607cf6663950eb5bbf

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/3356/

Comments