MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 43914fa6ef861928f2924e05604839a6afe946ee6a9468b39d595fc8ecc6a8d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 43914fa6ef861928f2924e05604839a6afe946ee6a9468b39d595fc8ecc6a8d8 |
|---|---|
| SHA3-384 hash: | 2189c737193af74d7587d37deab4befadc945e294b8dae6eb0ec4666d0311f4df2e9cc14742f96d87a11a29e010ca827 |
| SHA1 hash: | b85b35aa5f120b838464f9b12cedf0563e22babf |
| MD5 hash: | d6ad980b23a8c962a96f2bf38aa05abf |
| humanhash: | india-nineteen-snake-arkansas |
| File name: | Swift Transfer copy.r15 |
| File size: | 647'679 bytes |
| First seen: | 2020-12-09 10:47:19 UTC |
| Last seen: | Never |
| File type: | rar |
| MIME type: | application/x-rar |
| ssdeep | 12288:2zXVerMZQTDmzJlEH65FMvpKzvZ5p3ROHAdkEq8+ZSdC+F:uXwMZuIJQzpKzvZOuw0Co |
| TLSH | 13D43302C9E6BCC9D4D59EF98972872C52991DE9CB3B5F063F21A0C4667F0DCC8AD624 |
| Reporter | |
| Tags: | r15 |
abuse_ch
Malspam distributing unidentified malware:
HELO: transpro-logistics.com
Sending IP: 103.99.1.159
From: Accounts<moonis@transpro-logistics.com>
Subject: Payment Advice -SWIFT Transfer (103)ProCredit Bank Kosovo
Attachment: Swift Transfer copy.r15 (contains "Swift Transfer copy.exe")
Intelligence
File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: Win32.Spyware.Stelega
Status: Malicious
First seen: 2020-12-09 09:22:22 UTC
AV detection: 19 of 27 (70.37%)
Threat level: 2/5
Detection(s): Suspicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Legit
Score: 0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
rar 43914fa6ef861928f2924e05604839a6afe946ee6a9468b39d595fc8ecc6a8d8 (this sample)
Delivery method: Distributed via e-mail attachment