MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 afcfd899d11e91ea98872d489d728ad31ca6446802be0fd5c06461e4d3e1a2b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: afcfd899d11e91ea98872d489d728ad31ca6446802be0fd5c06461e4d3e1a2b3
SHA3-384 hash: 05b742e131b5597fbfeafadc0ffee2f5017e13c5d078ce266789e9b5e1430786911c973c69e08afa149f3e54dfd7080c
SHA1 hash: c9c54845852f4d1e25df0629f63b95207312820e
MD5 hash: 54db2198b656b1ec8d9c41d3a6c16f99
humanhash: muppet-social-virginia-alanine
File name: pslroorutoapv.zip
File size: 1'086'164 bytes
First seen: 2022-04-14 12:43:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:gLABd/2StcWOjADgWk6AHQATrnNaP9FCF4S15g9eSu:g8ltKwguYQATxYLjS15ce7
TLSH: T1C03533D85B156B6CCC47B626DDDD2E21BB4FA73CA038523581948F8721BFBBB618C112
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: JAMESWT_WT
Tags: zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 175
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malicious
File Type: OOXML Excel File with Excel4Macro
Payload URLs:
  URL: http://uri.etsi.org/01903#SignedProperties
  File name: sig1.xml
Threat name: Document-Office.Trojan.Heuristic
Status: Malicious
First seen: 2022-04-14 12:44:09 UTC
File Type: Binary (Archive)
Extracted files: 97
AV detection: 4 of 41 (9.76%)
Threat level: 2/5

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour:
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Process spawned unexpected child process
Malware Config
Dropper Extraction:
http://rommify.net/Mm2cPksfn0/Dmnh.png
http://c-logistica.com/qS4NKRYI/Dmnh.png
http://mhdti.com/e03BksINQKc/Dmnh.png
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download:
  zip afcfd899d11e91ea98872d489d728ad31ca6446802be0fd5c06461e4d3e1a2b3 (this sample)

Delivery method: Distributed via web download

Comments