MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebd5e649d96836877e7f0deeb4f388e5025b708160ccb532ea87358a18e4ee20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SilentBuilder


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ebd5e649d96836877e7f0deeb4f388e5025b708160ccb532ea87358a18e4ee20
SHA3-384 hash: a52cb88d63e2d06b16702ce04ae8ccc134f0b635b6717926ec4b032ca8e9c2f444572169eec0f46bc1423226f95ed1ef
SHA1 hash: ee3cd3cbc05e48d79ce0e04fdef5c0e280b794df
MD5 hash: 26e9f8807b7ec9ab23636b96773d8882
humanhash: monkey-six-march-timing
File name:charges 32.zip
Download: download sample
Signature SilentBuilder
Create hunting rule
File size:15'735 bytes
First seen:2021-02-19 10:47:24 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 384:UvNPf6HDPgraeU1wc0vLeV9nrbeWmyLm7OFr5dGjgDAHmQQ:U1SHDPoaeUqv0nrbU7Fg+mV
TLSH A162C09940593A3FD1C941A332E0AAC876201513E686D08EB2D9F3674FFA78134CBB5A
Reporter abuse_ch
Tags:SilentBuilder zip


Avatar
abuse_ch
Malspam distributing SilentBuilder:

HELO: server.dns-principal-18.com
Sending IP: 162.221.187.122
From: sukiyaki-tenpura&jcom home ne jp <rex.goldner@movilidad.asegestsystem.com>
Subject: [amazon]
Attachment: charges 32.zip (contains "document-750895311.xls")

Intelligence

File Origin
# of uploads :
1
# of downloads :
129
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
TwinWave.EvilDoc.QakbotTheDuck.20200928.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.Excel4MagicPalmersArcade.20201207.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.Excel4MacroLuresWatchingTheDectives.20210115.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.Excel4DragoTrainingMontage.20210204.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.EvilDoc.Excel4EnjoyTheSilence.20210212.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.QakySoWacky.M2.20210218.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.XLSLOLBINHammerToFall.20201218.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Autostarting Excel Macro Sheet
Excel contains Macrosheet logic that will trigger automatically upon document open.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ebd5e649d96836877e7f0deeb4f388e5025b708160ccb532ea87358a18e4ee20/
Threat name:
Document-Word.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2021-02-19 10:48:07 UTC
AV detection:
3 of 47 (6.38%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5pk6msozna3io7t7bxxlj44i4ubfw4ebmdglkmxkq42yughe5yqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ebd5e649d96836877e7f0deeb4f388e5025b708160ccb532ea87358a18e4ee20

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

SilentBuilder

zip ebd5e649d96836877e7f0deeb4f388e5025b708160ccb532ea87358a18e4ee20

(this sample)

SilentBuilder

Excel file xls f33c98f80a5d4647e5a0e5bc2a950d0aa99d0b14ed85467238b384f5e4e8f9e1

  
Dropping
MD5 89b56753e138bafa6d2406c3fed32f61
  
Dropping
SilentBuilder
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f33c98f80a5d4647e5a0e5bc2a950d0aa99d0b14ed85467238b384f5e4e8f9e1

Comments