MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df51d17576e6b5ff7488221079a6d0beb42cebf347c7ea04f4b07f2188863a16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df51d17576e6b5ff7488221079a6d0beb42cebf347c7ea04f4b07f2188863a16
SHA3-384 hash: cc12b537df036b27a981eef40257f494c7d0ba369d0ad827430fdd65f34c0424a592696f30b39051259ff1af7c8a7609
SHA1 hash: 3fbc9e317c1d373fa02e0c6ec4b615f334e3104c
MD5 hash: b50fea4606274bedc8d82dfdb050894e
humanhash: virginia-magazine-video-east
File name:Account Statement.xll
Download: download sample
File size:913'408 bytes
First seen:2021-08-09 22:30:41 UTC
Last seen:2021-08-09 23:02:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a31761b5a590c4c499d5f4a347d75c12 (23 x Formbook, 17 x AgentTesla, 6 x RedLineStealer)
ssdeep 24576:IzbGHAzHAjX1VcLg5KzdcXDq3oKLGIua:IziHILEgzdIeYKSa
Threatray 6 similar samples on MalwareBazaar
TLSH T10115D05BF7C7FAB0E6BE827A86B1851C527774520260A78F674072892D23392493DF1F
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Account Statement.xll
Verdict:
No threats detected
Analysis date:
2021-08-09 21:17:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/977c9ecd-3e34-44b5-b8cd-5c702f76b11d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/177770/
Detection(s):
SecuriteInfo.com.Artemis4EBC548DF517.17970.15145.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Vidar
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/79f57c06-5a21-4b77-bd75-8771dbb08c69
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/829756
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/df51d17576e6b5ff7488221079a6d0beb42cebf347c7ea04f4b07f2188863a16/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-08-09 12:22:31 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=35i5c5lw422765eieiihtjwqx22cz27ti7d6ubhuwb7sdceghila._file
Verdict:
unknown
Similar samples:
338ffcde4891ef19f8b2974f2a9188e14a90f592322c8fb07acb662b57b35771
6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
7a6f8590d4be989faccb34cd393e713fd80fa17e92d7613f33061d647d0e6d12
a079a5f2f540af4d43166a83f506e0da0e58201ffb55c05fd24b6532fe9ecefe
fd042d218a6adcb4d496f6d0e9f6fb3dfabdc24bc8bc86681480d76597ec258b
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210809-1g293sjs5e/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
df51d17576e6b5ff7488221079a6d0beb42cebf347c7ea04f4b07f2188863a16
MD5 hash:
b50fea4606274bedc8d82dfdb050894e
SHA1 hash:
3fbc9e317c1d373fa02e0c6ec4b615f334e3104c
Link:
https://www.unpac.me/results/49c71cc1-6577-47ee-b2bb-2bedeff7ca41/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/df51d17576e6b5ff7488221079a6d0beb42cebf347c7ea04f4b07f2188863a16

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/177770/

Comments