MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f81e70dd7eb0fa56a4c392c00f3552857a39b53222f0def135bf57c4cc0ef1d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: f81e70dd7eb0fa56a4c392c00f3552857a39b53222f0def135bf57c4cc0ef1d2
SHA3-384 hash: 0d3d8cfbe27d9c35a8ef77cb7108f973d8335cab8bdaa8f1879bb97cb71760b80d2bf20ea4c075ba6857880ea21ca76f
SHA1 hash: 5b3df2d725883705d64d86593f8310241922a6e9
MD5 hash: 843d260163d0143c4feef0fa3c54e63e
humanhash: cold-table-echo-wisconsin
File name: SecuriteInfo.com.Trojan.GenericKD.46081523.30957.16634
File size: 65'024 bytes
First seen: 2021-04-12 23:40:22 UTC
Last seen: Never
File type: PowerPoint file ppt
MIME type: application/vnd.ms-powerpoint
ssdeep: 192:7BKU64Zm3WDWQdDTEzZoFMNyKsnu9mWaxC3nepnoQEgHGXB7HLHYeI:t26DWQ9EzeMlsjWaw3epn6gWBjMeI
TLSH: AE538015B797C963E0595E368EE2D6CA7330BC22BE90830F318A732F2E7B5508D02B15
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 164
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Trojan.GenericKD.46081523.30957.16634
Verdict: No threats detected
Analysis date: 2021-04-12 23:43:30 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window

Result
Verdict: Malicious
File Type: Legacy PowerPoint File with Macro

Result
Verdict: MALICIOUS
Details
Macro with Startup Hook
Detected macro logic that will automatically execute on document open. Most malware contains some execution hook.
Macro Contains Suspicious String
Detected a macro with a suspicious string. Suspicious strings include privileged function calls, obfuscations, odd registry keys, etc...

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Document contains an embedded VBA macro which may execute processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file

Threat name: Document-Office.Trojan.Valyria
Status: Malicious
First seen: 2021-04-12 06:21:46 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: macro xlm

Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
