MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce5ea54a04be2e6d119e978a0d3c7ab48094c3c1b6749b12a2ad06568a68df33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce5ea54a04be2e6d119e978a0d3c7ab48094c3c1b6749b12a2ad06568a68df33
SHA3-384 hash: 43c0a2f58d6a13bb21831eb9c64fda347f8dc940bda5d56819c5a0123515ccebf40e985d49c5a73aaac6e132332349f6
SHA1 hash: 6e340e0bf5da093a0ab0c69a074152979acf6ba7
MD5 hash: 531b94f812dfcc632bfc8ac6190bd9fe
humanhash: massachusetts-july-high-fruit
File name:WF_Payment Advice_211264.xll
Download: download sample
File size:564'224 bytes
First seen:2021-12-06 18:10:47 UTC
Last seen:Never
File type:Excel file xll
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 12288:Wn/zDvGHAykH8vLW/4+8bzbBSreMdyBY4ZyrE7K3yl8PeVooA/AB2LEJZLoCAQP9:EzbGHAzHKjX15BY4ZyrE7K3yl8PeVoo3
Threatray 17 similar samples on MalwareBazaar
TLSH T12FC47E57F7CBF6B0E6FE867A86F1851C52B774620260A78F664072886D22392453DF0F
Reporter James_inthe_box
Tags:xll

Intelligence

File Origin
# of uploads :
1
# of downloads :
266
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
WF_Payment Advice_211264.xll
Verdict:
No threats detected
Analysis date:
2021-12-06 18:36:44 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/875293e0-ace9-48b5-ad34-16e371817b02

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
Office Add-Ins - Suspicious
Link:
https://app.docguard.net/ce5ea54a04be2e6d119e978a0d3c7ab48094c3c1b6749b12a2ad06568a68df33/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed packed
Link:
https://www.filescan.io/uploads/61ae5238fa72c81b5b0ec506/reports/85af6c5b-aff1-4938-beef-de2b07425816/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ce5ea54a04be2e6d119e978a0d3c7ab48094c3c1b6749b12a2ad06568a68df33/
Threat name:
ByteCode-MSIL.Trojan.Drixed
Create hunting rule
Status:
Malicious
First seen:
2021-12-06 18:09:46 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zzpkksqexyxg2em6s6fa2pd2wsajjq6bwz2jwevcvudfncti34zq._file
Verdict:
unknown
Similar samples:
03bbdb538b33b62be11ae0ee9b783d8d492bf0a3597176f81e8f11ccbd59fce3
2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf
6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
6f6022a7213a133fb217d60dc3ef39feeb11757d0ef35e5f3c94063557a171e6
75673c98de0bc2888304d04b5357087612c6762a2563b76cbd83bbcfac0833be
7b05d46b12945a754e07915535b5c977078818b088ce5de1a31ff40b3c2bef61
a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe
bad6f26cf307cd6cf4676a6686a633898880cd90b9e04506e55c708f5a1a93bb
df51d17576e6b5ff7488221079a6d0beb42cebf347c7ea04f4b07f2188863a16
fd042d218a6adcb4d496f6d0e9f6fb3dfabdc24bc8bc86681480d76597ec258b
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211206-wsllxshfh8/
Behaviour
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ce5ea54a04be2e6d119e978a0d3c7ab48094c3c1b6749b12a2ad06568a68df33

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments