MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7ecbd646727c85760706a61c2283909c13cb5cd80f51f3ce5af83ed438d293d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	c7ecbd646727c85760706a61c2283909c13cb5cd80f51f3ce5af83ed438d293d
SHA3-384 hash:	fc39c50fde1fdaf61ea3b84a6bc0d4696d8e12f395bbb6eb937e4a79d96ef89b4b3254ada9514916c06f51bc143f22a2
SHA1 hash:	6567efb6631a6d3e3f8d5061f0f643840c04125d
MD5 hash:	a9e772d61cf3f6a30127d525b23f1272
humanhash:	crazy-september-stairway-zebra
File name:	RFQ2.xll
Download:	download sample
File size:	563'200 bytes
First seen:	2022-03-07 09:36:22 UTC
Last seen:	Never
File type:	xll
MIME type:	application/x-dosexec
imphash	a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep	12288:Kn/zDvGHAykH8vLW/4+8bzbBSreMdwBY4ZyrE7K3yl8PeVooA/AB2LEJZsAQPUqj:4zbGHAzHKjX1/BY4ZyrE7K3yl8PeVoo0
Threatray	84 similar samples on MalwareBazaar
TLSH	T10DC47D57F7DBF6B0E6BE827A86F1851C52B774620260A78F664072886D22382453DF0F
Reporter	abuse_ch
Tags:	xll

Intelligence

File Origin

# of uploads :

1

# of downloads :

150

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Generic-9939833-0

SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

Office Add-Ins - Suspicious

Link:

https://app.docguard.net/c7ecbd646727c85760706a61c2283909c13cb5cd80f51f3ce5af83ed438d293d/results/dashboard

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c7ecbd646727c85760706a61c2283909c13cb5cd80f51f3ce5af83ed438d293d/

Threat name:

ByteCode-MSIL.Trojan.ExcelAddin

Status:

Malicious

First seen:

2022-03-06 22:08:27 UTC

File Type:

PE+ (Dll)

Extracted files:

2

AV detection:

20 of 27 (74.07%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=y7wl2zdhe7efoydqnjq4ekbzbhatznonqd2r6phfv6b62q4nfe6q._file

Verdict:

malicious

Similar samples:

0838b673be73014ff6e29d784247ad3b44a794dd2134301bb25c8dd0a3f5b0ae

68315f9b95450e287e19be6f014114f36aa6fd98eef733e839efe670f302fced

93eaa02e5c7c465410e6981da4b4ea3ebd730b8016932d328022da0e8091e763

aba88fbca4bc1906e9602f61b25d48d01cf476d48bda115f317fda930313492c

ade73b7033e024443c9ebffc25a424d3a1fc4e67c674fcd585e9d5d5d2c774a0

b1b5046988f030694c9e4a29e8b61990ac1e4da7a98f0c1fdb3906a60bcbcba0

b3f6afb079d5d25bea3a043d033091d5a0a8fde399c900a6337bc5e1dd65d279

b73f062242ecaf86430950a2990dd69bc5080cfea2a1012efc7436d4a7a3a346

e5013497a297e36f89cc5dc3e369faf27bb9b88684cad53accad8b006433a6c5

+ 74 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/220307-llgz2sffbq/

Behaviour

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c7ecbd646727c85760706a61c2283909c13cb5cd80f51f3ce5af83ed438d293d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

xll c7ecbd646727c85760706a61c2283909c13cb5cd80f51f3ce5af83ed438d293d

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample