MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b23167419f3c653646c60164aaf08e3fe59fde7831425aa89c43beb38c41c407. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b23167419f3c653646c60164aaf08e3fe59fde7831425aa89c43beb38c41c407
SHA1 hash: d532d745158377ed4aa5638fb2155e578576661b
MD5 hash: a9b74341cb1981d5cd91948b0c45226c
File name: Sage ACH Remittance.xlsm
Signature: n/a
File size: 421'139 bytes
First seen: 2020-05-23 07:25:55 UTC
Last seen: 2020-05-23 07:36:48 UTC
File type: Excel file xlsm
MIME type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep: 12288:J49w8fyunGthwu8kxPthZugvq4jzjSGUu1L:J49b7AhFxPthZnvL3tp
TLSH: 4394233FD2987E9EC6F3EA7D8D458AE7231253CE339079BA685C8888065F12EC171D51
Reporter: @abuse_ch
Tags: xlsm


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: serve0.japerez.pw
Sending IP: 173.82.94.38
From: Sage Secure Electronic Transmission Advice <sage.electronictransmision@mail.ach.eft.sage.com>
Subject: Sage Secure Transmission ACH Credits Notification SG-7890US
Attachment: Sage ACH Remittance.xlsm

Unknown payload URL:
http://185.205.209.166/cxwv/nu.exe

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 20
Origin country: US
ClamAV:
MiscreantPunch.EvilMacro.PSHELLNEWOBJECTw.1.UNOFFICIAL
MiscreantPunch.EvilMacro.PSHELLNEWOBJECTw.2.UNOFFICIAL
MiscreantPunch.EvilMacro.PSHELLB64ENVTMP.1.UNOFFICIAL
MiscreantPunch.EvilMacro.PSHELLB64ENVTMP.3.UNOFFICIAL
TwinWave.EvilDoc.DOCXRSTRGOOD.POWERSHELL.200302B64.1.UNOFFICIAL
TwinWave.EvilDoc.DOCXRSTRGOOD.NEW-OBJECT.200322B64.4.UNOFFICIAL
TwinWave.EvilDoc.DOCXRSTRGOOD.NEW-OBJECT.200322B64.12.UNOFFICIAL
VirusTotal: Virustotal results 19.67%

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Excel file xlsm b23167419f3c653646c60164aaf08e3fe59fde7831425aa89c43beb38c41c407 (this sample)

Delivery method: Distributed via e-mail attachment
