MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7295bc68a81c243da0b06c6192a261d7f74ec808be241f3a804b6d73a5d139fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 1 File information 3 Yara 1 Comments 2

SHA256 hash: 7295bc68a81c243da0b06c6192a261d7f74ec808be241f3a804b6d73a5d139fc
SHA3-384 hash: be2c00403061a39ad05f281b8b852d28b1f444291847ab34e1b51ccc997aeeb06ac1d7c2b34788c1af0193b32491cfd5
SHA1 hash: daf14ef5c9991b9f04ff30106cc37e590acd7447
MD5 hash: a639fc454af21803a0cda4c9249ea20e
humanhash: north-nine-single-indigo
File name:Swift Advice.xlsx
Download: download sample
Signature n/a
File size:13'342 bytes
First seen:2020-05-12 08:19:19 UTC
Last seen:2020-05-13 05:11:53 UTC
File type:Excel file xlsx
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep 384:FiUxa8qm7ZGA0bnmiE3ycnDAAoPDLUEWMrb:FiU7qm7ZGtbntE3yeDAAwXblb
TLSH DF528FF440534D0DD7CF3D3790461249AE44B313055A2AA936608A8CFEEFEEF3AD9198
Reporter @jarumlus


Mail intelligence
Trap location Impact
Global High
CH Switzerland Low
# of uploads 3
# of downloads 26
Origin country FR FR
ClamAV Sanesecurity.Malware.27429.XmlHeur.Autoload.UNOFFICIAL
CERT.PL MWDB Gathering data
ReversingLabs :Status:Malicious
Threat name:Document-Word.Exploit.CVE-2017-11882
First seen:2020-05-12 12:54:00 UTC
AV detection:17 of 31 (54.84%)
Threat level:   5/5
VirusTotal:Virustotal results 58.33%

Yara Signatures

Rule name:SharedStrings
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples

File information

The table below shows additional information about this malware sample such as delivery method and external references.


Excel file xlsx 7295bc68a81c243da0b06c6192a261d7f74ec808be241f3a804b6d73a5d139fc

(this sample)

Delivery method
Distributed via e-mail attachment


Corsin Camichel commented on 2020-05-13 05:11:45 UTC

'Malicious email
From: Standard Chartered Bank <>
Received: from (unknown [])
Date: 12 May 2020 10:54:32 -0700
Subject: SUBJECT:Advice from Standard Chartered Bank
Attachment: Swift Advice.xlsx

Corsin Camichel commented on 2020-05-13 05:11:40 UTC

Malicious email
From: Jagath Sai<>
Received: from (unknown [])
Date: 12 May 2020 10:05:23 -0700
Subject: Re: Fwd: **TOP URGENT**E-Remittance Order REMINDER 2
Attachment: Swift Advice.xlsx