MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fbbf4b2e78a8a964bc81a1ab1d80554e9a8815a3c7412ffa020c849af3cb08a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 1fbbf4b2e78a8a964bc81a1ab1d80554e9a8815a3c7412ffa020c849af3cb08a
SHA3-384 hash: 84c15a47ddf7e65ffabb72445ac3309eca93b438a159da24bf484de05487cc6e0af2778b5294d2450ffe8860abed912d
SHA1 hash: 22a7dbcdcedfa53e99b60599869b883a2c72d973
MD5 hash: e60b55b07d884318d1188ba83c40d911
humanhash: moon-robin-enemy-oscar
File name: hyundai steel-pipe- job 8010.rar
Signature: HawkEye
File size: 661'965 bytes
First seen: 2020-05-15 07:36:42 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:jA/fyJwHhnMZqWjysZxHoZ3ymt9RlKzI8jkcZktbhHwpzBnIyyGwuuJQcIRcc:uJHaqWusrIZhtFnBcZktbQBvPwuo3IRx
TLSH: CDE423FBDB7658101A50BE4A32CECD69AF6E4CAE130C66D0DF18475F8C9178385892F6
Reporter: abuse_ch
Tags: HawkEye rar


abuse_ch
Malspam distributing HawkEye:

HELO: gswco.sa
Sending IP: 156.96.151.244
From: Kiran Ramesh [Skids, GSW] <kiran.ramesh@gswco.sa>
Reply-To: Kiran Ramesh [Skids, GSW] <thuyxnkr2019@gmail.com>
Subject: MTC Authentication-Job 8017
Attachment: hyundai steel-pipe- job 8010.rar (contains "hyundai steel-pipe- job 8010.exe")

HawkEye SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-16 03:55:44 UTC
File Type: Binary (Archive)
Extracted files: 18
AV detection: 13 of 31 (41.94%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

rar 1fbbf4b2e78a8a964bc81a1ab1d80554e9a8815a3c7412ffa020c849af3cb08a (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
