MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96e69cbc7578b59b885409266c875ff84a6bf7f02d8a09dd06514b5f537fda74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 96e69cbc7578b59b885409266c875ff84a6bf7f02d8a09dd06514b5f537fda74
SHA3-384 hash: 0c277ff430fd3033a917a2b17dd724348b2237b2a69258d74c85ffe2a2c8c42d4bce6ff018cc0be12cd21542c6e82eec
SHA1 hash: 351437386fcf51a33710c8467aa624242787c580
MD5 hash: 20785f48e897edaf12c6b5cc5404f979
humanhash: kitten-salami-golf-september
File name: Versanddetails.zip
Signature: HawkEye
File size: 453'367 bytes
First seen: 2020-07-31 10:21:01 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:8rX76yNCL5KKCsC8gyt59tW6Fq0Tyw4W9Yt53kG0:2L69TX5mwq0dT4U1
TLSH: 36A423537C5C2D2E7D5DE47F10639FD47B1892778A0B03BDB869AA8EB6480380C59D2B
Reporter: @abuse_ch
Tags: DEU DHL geo HawkEye zip


Twitter: @abuse_ch
Malspam distributing HawkEye:

HELO: vps.ajlogos.es
Sending IP: 91.142.220.142
From: DHL DELIVERY SERVICE <shipment@dhl.de>
Reply-To: s.peters.edur@bk.ru
Subject: Re: Versanddetails
Attachment: Versanddetails.zip (contains "Versanddetails.exe")

HawkEye SMTP exfil server:
server165.web-hosting.com:26

Intelligence

File Origin
# of uploads: 1
# of downloads: 26
Origin country: US

Mail intelligence
Geo location: IT Italy
Volume: Low
Geo location: Global
Volume: High

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-31 02:03:28 UTC
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Threat name: Kryptik
Score: 1.00

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: HawkEye
zip 96e69cbc7578b59b885409266c875ff84a6bf7f02d8a09dd06514b5f537fda74 (this sample)
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments