MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8db8c4d8cf585fc858ef52a8449f3172536dde3e4d9611b11426e1b3e88598d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 8db8c4d8cf585fc858ef52a8449f3172536dde3e4d9611b11426e1b3e88598d2
SHA3-384 hash: 57c86ea0f04deba2f23df832e241c499418ddd12cda36e469759d8d9737a4e3f331558f8d3532c5fb44d136f7b224eab
SHA1 hash: 8f1c636a513fa7759d981aac0d0696d7c3418386
MD5 hash: f4d17a7a5c054cfbe0d2fe79b1187a78
humanhash: cold-stream-orange-five
File name: LATEST PRECAUTIONARY MEASURES_pdf.rar
Signature: HawkEye
File size: 427'888 bytes
First seen: 2020-04-17 08:19:24 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:sUyj/J0ySWV1qw8Lf4iinV6UCLubA/nsOd8mNzC:ZyXGT4i4V6UCBt6mtC
TLSH: 4094235A7FEDE45A02E574C9A34BD5CA45B1E5C204FAD2059CA23725C8BF8B028F353E
Reporter: abuse_ch
Tags: COVID-19 HawkEye rar


abuse_ch
COVID-19 themed malspam distributing HawkEye:

HELO: doka.com
Sending IP: 156.96.47.7
From: michael.arnold-medical@doka.com
Subject: Latest Potential Service Impact of COVID-19
Attachment: LATEST PRECAUTIONARY MEASURES_pdf.rar (contains "LATEST PRECAUTIONARY MEASURES_pdf.exe")

HawkEye SMTP exfil server:
mail.nabf.com.au:587 (122.201.97.187)

HawkEye SMTP exfil email address:
nancy@nabf.com.au

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-17 08:35:32 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 13 of 47 (27.66%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

rar 8db8c4d8cf585fc858ef52a8449f3172536dde3e4d9611b11426e1b3e88598d2 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
