MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88194c9e2e3a3159f19558a93ab684d8545539baec3873c73aa1afe104c89a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 88194c9e2e3a3159f19558a93ab684d8545539baec3873c73aa1afe104c89a58
SHA3-384 hash: 8fb98e6c06f635b9fc8eba457dcd3c5e9e32578cfab7bb72db84ec203085af697bee89b6dc1603d3c94b3c9360de2e7d
SHA1 hash: fa22d3f0026b18d76e110764447953d490adbf8a
MD5 hash: 7e1244ba265f4433ecb8b6dd99f83f05
humanhash: enemy-finch-twelve-tennessee
File name: O7292020987725545.PDF.z
Signature: HawkEye
File size: 698'358 bytes
First seen: 2020-07-29 06:39:51 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:Bpe67n2IPPN2U4iG/a5CerHZeOtJ1EH3ZXe52MzPMwD8WA6hPyme0lkDc2p5c:+6qcJbLEeJ1EH3ZXe52uPMwD8X6xyZId
TLSH: 73E433F56F242805BCBAA34E29FE356536F38911FFA8350066F5A1081D4ADE79CFA530
Reporter: abuse_ch
Tags: HawkEye z


abuse_ch
Malspam distributing HawkEye:

HELO: intertek.com
Sending IP: 104.168.155.7
From: <jamie.kim@intertek.com>
Subject: RE: Intertek Price forecast discounts for CONVID'19
Attachment: O7292020987725545.PDF.z (contains "O7292020987725545.PDF.exe")

HawkEye FTP server:
ftp.triplelink.co.th:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Crypt
Status: Malicious
First seen: 2020-07-29 06:41:05 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

z 88194c9e2e3a3159f19558a93ab684d8545539baec3873c73aa1afe104c89a58 (this sample)

  
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
