MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8ecf8ebf7cf11d1637372f3b2abe0e63eaf6424756553536b98ddcce8dc4d0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: e8ecf8ebf7cf11d1637372f3b2abe0e63eaf6424756553536b98ddcce8dc4d0a
SHA3-384 hash: 0a2a5c9f6552eecb921a7e49f2af7b860604e2881cacaf40eaa6b62027c319af06f6cc205b8217aa5e031e6d81b6d905
SHA1 hash: 317fc72f0bc6be32238f4ad91da1f50e98b24473
MD5 hash: 4e2147bd13cc3780616cf5d36d470e40
humanhash: violet-missouri-september-monkey
File name: ORDER INQUIRY SHEET.xll
File size: 826'368 bytes
First seen: 2021-09-08 16:02:37 UTC
Last seen: 2021-09-09 05:56:27 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6d37c013119a4a6fd8aea36670d37c17
ssdeep: 12288:mavZOXjNpzDQ718bzbBSreewVgFK/UqWg9tfyGeBr4dmGrZzp:mXXxNlX1HcLg9FiBr6rJ
Threatray: 4 similar samples on MalwareBazaar
TLSH: T14305C016F7E7B675E6BF927EC6B1892C5273749602B0D38F774015892922392893CB0F
Reporter: malwarelabnet
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ORDER INQUIRY SHEET.xll
Verdict: No threats detected
Analysis date: 2021-09-08 16:04:33 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Threat name: ByteCode-MSIL.Trojan.Mucc
Status: Malicious
First seen: 2021-09-07 01:25:58 UTC
AV detection: 14 of 28 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SHA256 hash: e8ecf8ebf7cf11d1637372f3b2abe0e63eaf6424756553536b98ddcce8dc4d0a
MD5 hash: 4e2147bd13cc3780616cf5d36d470e40
SHA1 hash: 317fc72f0bc6be32238f4ad91da1f50e98b24473
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
