MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d4242c2c65e2ef93faf3f413fed5585a2629386b5f343da0a078af80074e53c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d4242c2c65e2ef93faf3f413fed5585a2629386b5f343da0a078af80074e53c
SHA3-384 hash: 9a8b665e335e0f7b73d0a86745427a7b12dc5c52ce606ec648f2a6d29ad44003db711d7446d6607f517a1a3d19d36462
SHA1 hash: 4218aca06839ad5915de1811f4ff3a7546b8d1d0
MD5 hash: 1f6ba82abe1d0b1a1fbd638f0bf31738
humanhash: nuts-vermont-artist-spring
File name:500Pieces_Quotation.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:574'305 bytes
First seen:2020-05-07 06:43:02 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:APjelZ2JeeJ1qeUNsZ2/1sCCRqEySz5TZGmqZh+cRVl9inoV:UKlZ2z1qeUOM4kSamJG9ioV
TLSH 9CC423B4375A7BD0C69B5A8559209F020DEE22E9C4732B225355BF50A5C0F4358FEF2B
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: sv46.byethost46.org
Sending IP: 82.163.176.47
From: support@akalelie.com
Subject: 500 Pieces Request For Quotation.
Attachment: 500Pieces_Quotation.zip (contains "Documenting.exe")

HawkEye SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.44615.9754.13379.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 07:36:38 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fvbefqwglyxpsp5ph5at73kvqwrgfe4gwxzuhwqka6fpqadu4u6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 2d4242c2c65e2ef93faf3f413fed5585a2629386b5f343da0a078af80074e53c

(this sample)

HawkEye

Executable exe 35171408c49e8a440f8c96bf47889cc94b310a9c968e771f7d8640079fb8d798

  
Dropping
MD5 10c2251b7ddf0126dd3d2d73f83c96cd
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 35171408c49e8a440f8c96bf47889cc94b310a9c968e771f7d8640079fb8d798

Comments