MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 794a518c2857ed2106f0ee8d409c8dc9e0b358df749e6f693ee2a7ba5150b084. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 794a518c2857ed2106f0ee8d409c8dc9e0b358df749e6f693ee2a7ba5150b084
SHA3-384 hash: b207edb60e1ea2cf4fceef02882415f35e166a25ddff5a8ea7068d96a22aba779dfd5fd30f811449662c9054611fe09a
SHA1 hash: b43b26068b4fee1f0ca020f8fa61a19b8926fc34
MD5 hash: a951a2a98623826a7f0734652a52ec6d
humanhash: high-august-east-white
File name: DOC.zip
File size: 557'215 bytes
First seen: 2021-06-30 06:06:36 UTC
Last seen: 2021-06-30 06:06:59 UTC
File type: zip
MIME type: application/zip
ssdeep 12288:9nLo/i79HWx2cGw+KNfTxVAAv4Rt2UFjXptb4Z4dF8Ic8:1KiJ5cUKNxg2Orw4d3c8
TLSH 0BC4233C65E3A488AAE8294D86CEFE59C7CD134690B2A37C15343DBDD1178D6E8E53C8
Reporter: cocaman
Tags: zip


cocaman
Malicious email (T1566.001)
From: "info@dijlashipping.com" (likely spoofed)
Received: "from dijlashipping.com (unknown [45.137.22.110]) "
Date: "30 Jun 2021 05:20:47 +0200"
Subject: "RE: SHIPPING DOCUMENT & PACKING LIST"
Attachment: "DOC.zip"

Intelligence


File Origin
# of uploads: 3
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 794a518c2857ed2106f0ee8d409c8dc9e0b358df749e6f693ee2a7ba5150b084

(this sample)

  
Delivery method: Distributed via e-mail attachment

Comments



Corsin Camichel commented on 2021-06-30 06:09:46 UTC

password "Um652VtV3sX2eyy"