MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72b5403ac89c548668038d8c6fb7fd9a71c673bba4dd7507a93db7534fcd058a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 72b5403ac89c548668038d8c6fb7fd9a71c673bba4dd7507a93db7534fcd058a
SHA3-384 hash: 46edeb85c9f4b122aaeec9e407208ff532971d1da50dca7a6ab4ca23cb3c31beb2133c759359ca1670dba2750e519a52
SHA1 hash: 26d14de8c3c28d83a4230460f9e5b1e6023fed6b
MD5 hash: 6a28a41bf2925df755bb5a39a381792c
humanhash: eight-stream-lactose-louisiana
File name:Swift Transfer copy.exe
Download: download sample
File size:1'663'488 bytes
First seen:2020-12-09 10:47:20 UTC
Last seen:2020-12-09 13:02:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:kCxlrLLipd9Iw4pxxDfgq/HQK9bajfGYk2YYNuXFL1AtePtbg6wukKLO4WV:kmFPiJIFpPX/vI1Y3fPxzwNKqvV
Threatray 15 similar samples on MalwareBazaar
TLSH E37512E4DA8AA1BBD42C5DF6D9E457E346840280B42078D31FC54BEF5CA8E1EB9F1913
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: transpro-logistics.com
Sending IP: 103.99.1.159
From: Accounts<moonis@transpro-logistics.com>
Subject: Payment Advice -SWIFT Transfer (103)ProCredit Bank Kosovo
Attachment: Swift Transfer copy.r15 (contains "Swift Transfer copy.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107443/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Spy.21524.23986.21410.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Gathering data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/558890
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/72b5403ac89c548668038d8c6fb7fd9a71c673bba4dd7507a93db7534fcd058a/
Threat name:
Win32.Spyware.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-12-09 09:23:48 UTC
AV detection:
23 of 27 (85.19%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ok2uaowitrkim2adrwgg7n75tjy4m453utoxkb5jhw3vgt6nawfa._file
Verdict:
unknown
Similar samples:
1131d4fd95da62edb0a1b201b08bb3811161363e64a9464f5f65bf8ea9b4a6bc
26542443b5665c97e3784c6bdbe4d009510c8bd4bb2f987ab441027fcdaf41a3
3ef39c4ba30114688584f0d34d5c4238fba9e5fe3f3e405d38109eb2a4619576
4a347ecb8e697e6e782a6d71516f3fe009888fded5879f973fe3ab4013bbb90d
5024e1e9970c3d1578e5a18081be612151022149e52998cd95b306619ae6322a
53ae2502a9fed69821959a54927023f131c6e62ebc46119d86e2eaad60356827
c6692211811dbc392c194a030e9be25e3758b07e29f1300253f9f4aaa7ed7310
e562fb595ddc39fc8fdeaf53db5bfc8878ded5328d32b5551b244c42768f3fff
ed8bdc7dfb03c556a144b552517f725297acac5c046313b9f8a96432d94cdf5c
f967527beb6b543395e1b9c1b76a67126321e7f8ec171d102753c0aa151432fb
+ 5 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201209-v165rqqb56/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
72b5403ac89c548668038d8c6fb7fd9a71c673bba4dd7507a93db7534fcd058a
MD5 hash:
6a28a41bf2925df755bb5a39a381792c
SHA1 hash:
26d14de8c3c28d83a4230460f9e5b1e6023fed6b
Link:
https://www.unpac.me/results/051d81de-e7b1-4912-8a48-3818c1857eec/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.66
Link:
https://yomi.yoroi.company/submissions/72b5403ac89c548668038d8c6fb7fd9a71c673bba4dd7507a93db7534fcd058a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 43914fa6ef861928f2924e05604839a6afe946ee6a9468b39d595fc8ecc6a8d8

Executable exe 72b5403ac89c548668038d8c6fb7fd9a71c673bba4dd7507a93db7534fcd058a

(this sample)

  
Dropped by
MD5 d6ad980b23a8c962a96f2bf38aa05abf
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/107443/
  
Dropped by
SHA256 43914fa6ef861928f2924e05604839a6afe946ee6a9468b39d595fc8ecc6a8d8

Comments