MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 254fe56c98f7e5bc8dbee1d5597018955d83cc487626655b4b1fa079b3281d7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 254fe56c98f7e5bc8dbee1d5597018955d83cc487626655b4b1fa079b3281d7c
SHA3-384 hash: ae85eee640dbca11e8a70e383ac64ed5398b411bb29a2515c545f11fb986788be17c71642da790ff42b43f5b812233b5
SHA1 hash: 9cba54aa0f0615580ffba964eff258befa8049c1
MD5 hash: e7da481cd8257f87d128105bfa30282a
humanhash: stream-oklahoma-don-lemon
File name: ORDEN58762 COVID-19 -pdf.7z
Signature: HawkEye
File size: 1'698'107 bytes
First seen: 2020-05-04 20:21:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:BgPefx/zdTrQiw7CShE2OPrt6U1Lf4OhHjmj9fNb:Syx/6ySzUt6oHQ9J
TLSH: 9F7533244EB4E51D18EA1753E5E8E656CCEC466C8E07725BBB0EE78FC2AC6006363E45
Reporter: abuse_ch
Tags: 7z COVID-19 HawkEye


abuse_ch
Malspam distributing HawkEye:

HELO: server.linux69.papaki.gr
Sending IP: 88.99.0.236
From: Fredrik Lingeskog <fredrik@svenskalager.se>
Reply-To: Fredrik Lingeskog <dustiutd12@hotmail.com>
Subject: ORDEN COVID-19 (MÁSCARA, DESINFECTANTE DE MANOS Y GUANTES DE LÁTEX)
Attachment: ORDEN58762 COVID-19 -pdf.7z (contains "ORDEN#58762 COVID-19 -pdf.exe")

HawkEye FTP exfil server:
ftp.kassohome.com.tr:21

HawkEye FTP exfil user name:
bringlogs@kassohome.com.tr

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: Script-AutoIt.Trojan.Injector
Status: Malicious
First seen: 2020-05-04 18:42:42 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 30 of 48 (62.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 254fe56c98f7e5bc8dbee1d5597018955d83cc487626655b4b1fa079b3281d7c (this sample)
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
