MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae46947119374e3dd59d3132235fd0359642209cb1b87e2bed9bc8af9c2822b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SilentBuilder


Vendor detections: 5



SHA256 hash: ae46947119374e3dd59d3132235fd0359642209cb1b87e2bed9bc8af9c2822b1
SHA3-384 hash: 0e2b24da59531860af9516b9fa4b860ac2c065d4581ef1d6a721630dbdd88429d5ed059f356ee8227aeae686660b587b
SHA1 hash: 9c8ecdfe32f3d96890d309b89393e1c784cd55a6
MD5 hash: 7a700d60b6b437bc18c8ca343ea16c8b
humanhash: friend-spring-don-early
File name: RFQ.zip
Signature: SilentBuilder
File size: 515'958 bytes
First seen: 2021-02-17 09:02:44 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:NU1kIanVXQxCvjSsiAMvaJmpW1xIj8HK/9g:uknxQoLSeUexIj8a9g
TLSH: C2B4230B9C3042F0B84EBFAA317919847B5E5C4CE132DC7FAA165BDE3519B841F1AB94
Reporter: abuse_ch
Tags: SilentBuilder, zip


abuse_ch
Malspam distributing SilentBuilder:

HELO: hosted-by.rootlayer.net
Sending IP: 45.137.22.52
From: SSGC LPG (Pvt.) Ltd<Suleman.lpg@hotmail.com>
Reply-To: Suleman.lpg@hotmail.com
Subject: RE: RFQ Request
Attachment: RFQ.zip (contains "PO.xls")

Payload URL:
http://consommateur.qc.ca/fileS.exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details
Macro Execution Coercion: Detected a document that appears to social engineer the user into activating embedded logic.
Autostarting Excel Macro Sheet: Excel contains Macrosheet logic that will trigger automatically upon document open.

Threat name: Document-Word.Trojan.Krates
Status: Malicious
First seen: 2021-02-17 09:03:06 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SilentBuilder

zip ae46947119374e3dd59d3132235fd0359642209cb1b87e2bed9bc8af9c2822b1 (this sample)

Dropping: SilentBuilder
Delivery method: Distributed via e-mail attachment
