MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767
SHA3-384 hash: a6cb02d0ef22fb2cfe91a6f41ed6d16bdb3183019d587d46a2645fcff8e56f38208e6fb30a76b2bfe3b6c18e1ac1b3ae
SHA1 hash: d0fd1f036ff054b9370666f18283345f3d15bcd1
MD5 hash: 2f9e1f0bc0c3c89ee96690768a9fcac3
humanhash: leopard-minnesota-orange-social
File name:Italia_EDEKA.docx
Download: download sample
File size:84'729 bytes
First seen:2025-12-10 23:28:42 UTC
Last seen:Never
File type:Word file doc
MIME type:application/vnd.openxmlformats-officedocument.wordprocessingml.document
ssdeep 1536:yXFmMWFinVkKF4nEHlIhzNm9yelPxT3cd:yXwekM4nclMSsd
TLSH T1A38364BB41424ADEE802B5338F3F55BA9AC90F6293345F2A2D98D45E4D3214B3F4C6E5
TrID 52.2% (.DOCX) Word Microsoft Office Open XML Format document (23500/1/4)
38.8% (.ZIP) Open Packaging Conventions container (17500/1/4)
8.8% (.ZIP) ZIP compressed archive (4000/1)
Magika docx
Reporter Mangusta
Tags:decoy doc Spam-ITA

Office OLE Information

This malware samples appears to be an Office document. The following table provides more information about this document using oletools and oledump.

Embedded Images

MalwareBazaar found the following images embedded in this file:

MD5 hashdc.creator# of relations
d629dec95812502f3ce16b018afbf6812
e61918c16046d8e27b741b8f6e93fb3aNone

Intelligence

File Origin
# of uploads :
1
# of downloads :
190
Origin country :
IT IT
Vendor Threat Intelligence
Malware configuration found for:
MSO
Details
MSO
extracted OLE packages, if they are present within the input OOXML document
Link:
https://research.acce.ciphertechsolutions.com/results/8ea407e4-81ea-4c3b-9253-6abc91a77513/
Malware family:
n/a
ID:
1
File name:
Offerta_BonviciniF_04-12-25.zip
Verdict:
Malicious activity
Analysis date:
2025-12-09 15:37:45 UTC
Tags:
susp-lnk arch-exec arch-doc
Link:
https://app.any.run/tasks/ffa05653-497b-467c-8b9f-ad2c60c9a64f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=693a020fbde6a3e597100c71
Tags:
infosteal
Result
Verdict:
Clean
File Type:
OOXML Word File
Link:
https://app.docguard.net/d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767/results/dashboard
Document image
Image:
Download PNG
Document image
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767
Label:
Benign
Suspicious Score:
/10
Score Malicious:
%
Score Benign:
1%
Link:
https://www.malware.ai/gui/files/?id=1df94df6-8277-4e9e-9303-b318102cef67
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767
Verdict:
Clean
File Type:
docx
First seen:
2025-12-10T00:24:00Z UTC
Last seen:
2025-12-10T12:07:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767/results?tab=lookup
Score:
0%
Verdict:
Benign
File Type:
OFFICE
Link:
https://malprob.io/report/d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Office Document
Link:
https://app.malva.re/file/2f9e1f0bc0c3c89ee96690768a9fcac3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767
Threat name:
Document.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-12-09 18:38:19 UTC
File Type:
Document
Extracted files:
18
AV detection:
3 of 37 (8.11%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3gh6ye7c6jq2b6g2cbutnrz7d3g26sy6q6iqlanuqpl35oplu5tq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/251210-3gmheafz9f/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b6796241-139b-44b3-bda2-035bdff1a0dc
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d98fec13e2f261a0f8da106936c73f1ecdaf4b1e87910581b483d7beb9eba767

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments