MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2708fc82b7aeaf97947e437736fe3f1023911d8cdcd45663ed3cb22ffd0a53b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 2708fc82b7aeaf97947e437736fe3f1023911d8cdcd45663ed3cb22ffd0a53b7
SHA3-384 hash: 60ac9ba7c6e6e577713d636261b51dc82e69152b101c3cda366ab70686d01b9338e89283eb18e3dfdd9bc8c0fdf9f992
SHA1 hash: 2367328a0eb2677851174f1fae555983cdc81a3a
MD5 hash: 2424855b0e3f8acefa093d03f808c4fd
humanhash: kentucky-echo-california-hotel
File name: REQUEST FOR QUOTATION 13032020_pdf.zip
Signature: HawkEye
File size: 713'493 bytes
First seen: 2020-05-04 21:47:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Ob6SgTiOXnMpRW4t8Q/upb0/Az4FR3SPMTvltE7uZwCrQbNaSWqnsabVKWu1A8JX:Ob6SuxnMp7MpA/AaiP0obCSaSWqnt8JX
TLSH: 45E423763498F0882A47EF18F78E2E69DCBFD41989C95B380E98071ECA2559330EDD95
Reporter: abuse_ch
Tags: HawkEye, zip


abuse_ch
Malspam distributing HawkEye:

HELO: mail.apartacel.com
Sending IP: 200.52.172.106
From: karen@choimesse.com
Subject: FW: URGENT REQUEST FOR QUOTATION
Attachment: REQUEST FOR QUOTATION 13032020_pdf.zip (contains "REQUEST FOR QUOTATION #13032020_pdf.exe")

HawkEye SMTP exfil server:
mail.crdd.mx:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 95
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-04 22:36:25 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 25 of 48 (52.08%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 2708fc82b7aeaf97947e437736fe3f1023911d8cdcd45663ed3cb22ffd0a53b7

(this sample)

  
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
