MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcb69ca23bc04ccfc6ee63c29372ce2f9493dd4ff223a7daf830c0d4478a8d2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: fcb69ca23bc04ccfc6ee63c29372ce2f9493dd4ff223a7daf830c0d4478a8d2b
SHA3-384 hash: 1b2c47c878114b6f60dfd7e9ce8e5bf5f014680a1ba1ef4ea6f3cabc3be46f113b3f9f43de1df2cdbf29b749427a1f1c
SHA1 hash: 8c98e8e2ffda2cf784c2fb6703b45e8b700271bf
MD5 hash: a360991de4d5d2c187bc54ae67b39063
humanhash: aspen-michigan-echo-quiet
File name: Estimate Sample.xlsx
File size: 61'486 bytes
First seen: 2025-11-10 09:43:48 UTC
Last seen: Never
File type: Excel file xlsx
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep 1536:sWOfwTewq0jdV2LadtuX3QHIUMzJT19InW:6fKewqSdi6uXgKzJJ2nW
TLSH T10453F16DE2E1A974D0339D3CD1DDA4D7F10803D59222A71F5DC4BB68AB838AB13D7182
TrID 61.2% (.XLSX) Excel Microsoft Office Open XML Format document (34000/1/7)
31.5% (.ZIP) Open Packaging Conventions container (17500/1/4)
7.2% (.ZIP) ZIP compressed archive (4000/1)
Magika xlsx
Reporter cocaman
Tags: SWIFT xlsx


cocaman
Malicious email (T1566.001)
From: "Quantities Materials Takeoff Services <bidhelp@planswiftestimating.com>" (likely spoofed)
Received: "from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) "
Date: "Sat, 8 Nov 2025 10:57:00 -0500"
Subject: "Construction Estimate Sheet - Fee & ETA Details"
Attachment: "Estimate Sample.xlsx"

Intelligence


File Origin
# of uploads :
1
# of downloads :
116
Origin country :
CH
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Estimate Sample.xlsx
Verdict:
No threats detected
Analysis date:
2025-11-10 09:45:14 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating synchronization primitives
Creating a window
Sending a custom TCP request
Result
Verdict:
Clean
File Type:
OOXML File with External Links
Label:
Benign
Suspicious Score:
/10
Score Malicious:
%
Score Benign:
1%
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
4 / 100
Behaviour
Behavior Graph:
n/a
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Office Document
Threat name:
Document.Trojan.Heuristic
Status:
Malicious
First seen:
2025-06-26 12:35:02 UTC
File Type:
Document
Extracted files:
24
AV detection:
3 of 24 (12.50%)
Threat level:
2/5
Result
Malware family:
n/a
Score:
1/10
Tags:
n/a
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Excel file xlsx fcb69ca23bc04ccfc6ee63c29372ce2f9493dd4ff223a7daf830c0d4478a8d2b

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments