MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 f6eb71b21b2f799172115bcceb379307f9c432445fed92cdba2ca911775b3f3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | f6eb71b21b2f799172115bcceb379307f9c432445fed92cdba2ca911775b3f3f |
|---|---|
| SHA3-384 hash: | 535243e4f73f0decc3a0bc85a1a822c4f17e215da9ada5bcb6c646cb2abeeb767e63de20ad5263e9873c1b83b44b35be |
| SHA1 hash: | 21bacbe111ecc4f276ccd86b1a6d7df172339949 |
| MD5 hash: | 3c7a6b2e3fb5617a6c28a40486d716f7 |
| humanhash: | alanine-romeo-oranges-alanine |
| File name: | QAOTATION.r13.exe |
| File size: | 1'726'976 bytes |
| First seen: | 2020-11-06 17:25:25 UTC |
| Last seen: | 2020-11-06 19:03:28 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | fa3a99b038d1b19672af6b92afe86d67 (8 x Formbook) |
| ssdeep: | 49152:NvW6nHIFZHzx6casVDZ4NBbNzlipK1oZUekZFFHoqf:NvWtFZTx9a4gdeUecAqf |
| Threatray: | 19 similar samples on MalwareBazaar |
| TLSH: | CB85231A72C0C474E47B393515109EB0AB2EFAB12F24548B77941A3A6E31BD3972723F |
| Reporter: | |
| Tags: | exe |
Intelligence
File Origin
| # of uploads: | 2 |
|---|---|
| # of downloads: | 112 |
| Origin country: | n/a |
Vendor Threat Intelligence
Result
| Verdict: | Malware |
|---|---|
| Maliciousness: | |
Behaviour
Launching a process
Creating a window
Unauthorized injection to a system process
Result
| Verdict: | MALICIOUS |
|---|---|
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
| Threat name: | Unknown |
|---|---|
| Detection: | malicious |
| Classification: | spyw.evad |
| Score: | 76 / 100 |
Signature
Allocates memory in foreign processes
Found potential dummy code loops (likely to delay analysis)
Injects a PE file into foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Yara detected Generic Dropper
Behaviour
| Threat name: | Win32.Spyware.Stelega |
|---|---|
| Status: | Malicious |
| First seen: | 2020-11-06 16:44:14 UTC |
| AV detection: | 27 of 29 (93.10%) |
| Threat level: | 2/5 |
| Detection(s): | Suspicious file |
| Verdict: | unknown |
| Similar samples: | + 9 additional samples on MalwareBazaar |
Unpacked files
| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| f6eb71b21b2f799172115bcceb379307f9c432445fed92cdba2ca911775b3f3f | 3c7a6b2e3fb5617a6c28a40486d716f7 | 21bacbe111ecc4f276ccd86b1a6d7df172339949 |
| 4530911a64d43442d1e38b70898a49a7e109cdd0e10811832fa8deaaf92b8e95 | bee9eeef65f2902baa903a1a2e878bd7 | 8bfce0b23c3e6fda93b08b2033133ec2533f3f14 |
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
No further information available