MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 549b54a0c55920c6207de1746a4b724437f6692c085e4f8942fd55086ee32d89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 549b54a0c55920c6207de1746a4b724437f6692c085e4f8942fd55086ee32d89
SHA3-384 hash: 428331655fa3193a48af146f1af6eb330d67921f0ee385d4c259d0e8637e67d115073555004a33e2f8e22c9e2d10c68b
SHA1 hash: 4af936144d85461d3464bc8fa009dc8efe11d3d5
MD5 hash: 6c2d8391fa4cc02ef0b4b883ce587a33
humanhash: failed-three-berlin-snake
File name: ΑΠΟΔΕΙΞΗ ΠΛΗΡΩΜΗΣ-pdf.7z
Signature: HawkEye
File size: 1'446'471 bytes
First seen: 2020-05-01 12:19:11 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:Sp8MHoSn05GsmM7va1qnx6miRg7HONKQoZ3sNwtURbCe4eFWJ1i:46ljaQnx6mrHO0QpyOV4eQfi
TLSH: C46533BC9A9E0C234160147AB3F9E2D9530BA28FA9CF917C9B2510D3D9E821FB57D744
Reporter: abuse_ch
Tags: 7z geo GRC HawkEye


abuse_ch
Malspam distributing HawkEye:

HELO: cldedicado01.duonet.es
Sending IP: 89.17.204.215
From: Ofichem <cs@ofichem.com>
Reply-To: Ofichem <dustiutd12@hotmail.com>
Subject: ΑΠΟΔΕΙΞΗ ΠΛΗΡΩΜΗΣ
Attachment: ΑΠΟΔΕΙΞΗ ΠΛΗΡΩΜΗΣ-pdf.7z (contains "ΑΠΟΔΕΙΞΗ ΠΛΗΡΩΜΗΣ-pdf.exe")

HawkEye FTP exfil server:
ftp.kassohome.com.tr:21

HawkEye FTP exfil user name:
bringlogs@kassohome.com.tr

Intelligence


File Origin
# of uploads: 1
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-01 12:35:48 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 23 of 48 (47.92%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 549b54a0c55920c6207de1746a4b724437f6692c085e4f8942fd55086ee32d89

(this sample)

  
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
