MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41b53c982c2edd57486bd2c699e783446b01c244915254067ac0cb073926b4db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 41b53c982c2edd57486bd2c699e783446b01c244915254067ac0cb073926b4db
SHA3-384 hash: 0089f1924276d4373ff44cad132b532b374e036bc7639e95e065f3f5e6bfa87b4841212aa7c554de98697cc952857fe1
SHA1 hash: 6b7cf056ad8f3f045705654d24d4f6efd8539918
MD5 hash: 3bc6c2f8d54ee3f65da36a2de9cdf715
humanhash: table-missouri-louisiana-apart
File name: PO HALLEY PROJECT01X40 CFR 72020.tbz2 2.zip
Signature: HawkEye
File size: 757'099 bytes
First seen: 2020-05-08 07:08:43 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:tG6trvUSUTCcK1w/jq5awpMVh/B/rlAssD+jizi+BUynFlUWpd5kdvxK3s/WDkoS:s6tLSKajq/uhZlAIopj3yMs/ukoZgfkU
TLSH: 57F43353AFED425FB8C80014E849BA6914254B13B391352F9E1C4F3C29B67EB6FB1786
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: halleycables.com
Sending IP: 156.96.151.244
From: Radu DOBRE <radu@halleycables.com>
Reply-To: Radu DOBRE <williechang1@yahoo.com>
Subject: Re:Purchase Order - P.O HALLEY PROJECT// UR WEBSITE CONTACT US
Attachment: PO HALLEY PROJECT01X40 CFR 72020.tbz2 2.zip (contains "PO HALLEY PROJECT01X40 CFR 72020.tbz2.exe")

HawkEye SMTP exfil server:
mail.eagleeyeapparels.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-08 07:36:07 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 24 of 48 (50.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 41b53c982c2edd57486bd2c699e783446b01c244915254067ac0cb073926b4db (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
