MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bad6f26cf307cd6cf4676a6686a633898880cd90b9e04506e55c708f5a1a93bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: bad6f26cf307cd6cf4676a6686a633898880cd90b9e04506e55c708f5a1a93bb
SHA3-384 hash: af9ca90f8d7867d3bce34dd9cbf41fbf4fab4bd10f54eb1ba24e08f4e420858a709a56ef68754107c87c3502696aba92
SHA1 hash: f652ae18d9d096226fb68211a6c8c934317a95f2
MD5 hash: 7163d0975d881bff0b38314060baca4d
humanhash: oregon-angel-freddie-cup
File name: Invoice110121.xll
File size: 566'784 bytes
First seen: 2021-11-01 13:42:31 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep: 12288:Rn/zDvGHAykHSzLW/4+8bzbBSreMdlhgFK/UqW:FzbGHAzHAjX1scL
Threatray: 13 similar samples on MalwareBazaar
TLSH: T12EC48D57F7C7FAB0E6BE827A86B1891C527774520260A78F674072896D23392493DF0F
Reporter: James_inthe_box
Tags: exe xll

Intelligence


File Origin
# of uploads: 1
# of downloads: 97
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: Invoice110121.xll
Verdict: No threats detected
Analysis date: 2021-11-01 13:55:08 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a window
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 21 / 100
Signature
Initial sample is a PE file and has a suspicious name
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SHA256 hash: bad6f26cf307cd6cf4676a6686a633898880cd90b9e04506e55c708f5a1a93bb
MD5 hash: 7163d0975d881bff0b38314060baca4d
SHA1 hash: f652ae18d9d096226fb68211a6c8c934317a95f2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
