MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf
SHA3-384 hash:	5d58edcbe159ef1038be08cc717453b9a1790407f3b06ab2fa966f28b88f7fdb33f2dc8220d24dfbc580920b852c1973
SHA1 hash:	362e65c00e43597b32505d16fb711e54316491d5
MD5 hash:	d02772ad4c0b1c6d8dc93a5d673e5b53
humanhash:	sodium-april-zulu-bulldog
File name:	JPM EU Oil & Gas 2Q24%0D%0A Preview.xlsx
Download:	download sample
File size:	304'861 bytes
First seen:	2024-07-22 15:41:10 UTC
Last seen:	Never
File type:	xlsx
MIME type:	application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep	6144:gdquO0p4biq+8TXBe0XzTWliBPECY9tyY:akQ4biq++XBeImYBPECY9MY
TLSH	T1AB54E217BB00FE0DE1AA03BC5D2EAC66A08A82AC95F5E14DBD5DFC5E3B445430ACC56D
TrID	61.2% (.XLSX) Excel Microsoft Office Open XML Format document (34000/1/7) 31.5% (.ZIP) Open Packaging Conventions container (17500/1/4) 7.2% (.ZIP) ZIP compressed archive (4000/1)
Reporter	cocaman
Tags:	xlsx

cocaman

Malicious email (T1566.001)
From: ""Matthew Lofting, CFA" <matthew.lofting@jpmresearchmail.com>" (likely spoofed)
Received: "from o140.scx.jpmorgan.com (o140.scx.jpmorgan.com [167.89.51.204]) "
Date: "Mon, 22 Jul 2024 15:39:14 +0000 (UTC)"
Subject: "Peter, JPM EU OILS 2Q Tactical Ideas; UPDATED .XLS incl consensus
ATTACHED; Long Shell, Eni, Repsol; Sell strength in BP; Short EQNR, Neste"
Attachment: "JPM EU Oil & Gas 2Q24
Preview.xlsx"

Intelligence

File Origin

# of uploads :

# of downloads :

3'252

Origin country :

Vendor Threat Intelligence

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=669e7dcb2f6eaff4b90f3359

Tags:

n/a

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Using the Windows Management Instrumentation requests

Creating a window

Сreating synchronization primitives

Creating a file

Result

Verdict:

Malicious

File Type:

OOXML Excel File

Link:

https://app.docguard.net/c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf/results/dashboard

Document image

Image:

Download PNG

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/669e7dcca537d9330be19bd9/reports/d761a429-275b-4304-84b5-b4f8645d68fc/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf

Gathering data

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf

Result

Threat name:

n/a

Detection:

clean

Classification:

n/a

Score:

4 / 100

Link:

https://www.joesandbox.com/analysis/1478514

Behaviour

Behavior Graph:

n/a

Score:

Verdict:

Benign

File Type:

OFFICE

Link:

https://malprob.io/report/c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf/

Threat name:

Document.Trojan.Heuristic

Status:

Malicious

First seen:

2024-07-22 15:41:21 UTC

File Type:

Document

Extracted files:

126

AV detection:

2 of 38 (5.26%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ynjqvatoip2aykwa6mhm2otzt3tbfcmfngtw7jrl5bz232tyjppq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/240722-s5bqpsvdpa/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/1e03ba3b-fd71-4821-a836-d92e657ba999

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.20

Link:

https://yomi.yoroi.company/submissions/c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

xlsx c3530a826e43f40c2ac0f30ecd3a799ee612898569a76fa62be873adea784bdf

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample