MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f1c17ce42da98d5fb36f55b4b1dbc4d70d131d33f7597a49081d8a5bb924579. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 8f1c17ce42da98d5fb36f55b4b1dbc4d70d131d33f7597a49081d8a5bb924579
SHA3-384 hash: 99f67221e2b0897f4d51e64ef00d3b89c076eaa374faad1a3680eb79b6fb095183a96a6c0bb867beedf7a0c9b84dea15
SHA1 hash: 34b1b1eac9e834f177aa3ed5cdacc0d43aca102c
MD5 hash: a03e15a6e7cd920971f119fc3028f240
humanhash: november-shade-edward-lima
File name: NEW ROM 01-002361_PDF.rar
Signature: HawkEye
File size: 665'724 bytes
First seen: 2020-07-31 10:18:38 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:Dup8IO00ii8AwAK6Kjj9swYYtcFZjJTwTBT2mSXYP/r:DuvP0ii6AK6yawYIBK3eT
TLSH: A9E43334FA9144F246E0AD9A8A78375D47BF538C3CB3A23569003EC5B75B5C4973B1A4
Reporter: @abuse_ch
Tags: HawkEye, rar


Twitter
@abuse_ch
Malspam distributing HawkEye:

HELO: de.uitn.com
Sending IP: 148.251.248.181
From: Mohamed shaban <oa05438@mellitahog.ly>
Reply-To: Mohamed shaban <soomla6384@yahoo.com>
Subject: TOP URGENT_NEW ROM: 01-002361
Attachment: NEW ROM 01-002361_PDF.rar (contains "NEW ROM 01-002361_PDF.exe")

HawkEye SMTP exfil server:
smtp.yandex.com:587
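
The chain the tweet describes (a sender whose Reply-To points at a different domain, an archive named as if it were a PDF, and an .exe of the same name inside it) is what a mail-gateway rule or an IR triage script would look for. The block below is an added example, not code from MalwareBazaar or abuse.ch. Its e-mail is constructed from the header fields quoted in the tweet (the real body and attachment were not published, so the attachment here is a six-byte placeholder); the archive member list is copied from the tweet because Python's standard library cannot open RAR files; and the hash check uses the values from this entry's file information table so that a downloaded copy can be verified before anyone spends time analysing the wrong file.

```python
"""Malspam triage helpers for a sample like this MalwareBazaar entry.

Added example, not MalwareBazaar or abuse.ch code. CONSTRUCTED_MAIL reproduces
only the header fields quoted in the tweet; its attachment body is a placeholder.
"""
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr

# Hashes as published on the entry.
ENTRY_HASHES = {
    "md5": "a03e15a6e7cd920971f119fc3028f240",
    "sha1": "34b1b1eac9e834f177aa3ed5cdacc0d43aca102c",
    "sha256": "8f1c17ce42da98d5fb36f55b4b1dbc4d70d131d33f7597a49081d8a5bb924579",
    "sha3_384": ("99f67221e2b0897f4d51e64ef00d3b89c076eaa374faad1a3680eb79b6fb0951"
                 "83a96a6c0bb867beedf7a0c9b84dea15"),
}
RAR_MAGIC = b"Rar!\x1a\x07"          # common prefix of the RAR 4.x and 5.x signatures
ARCHIVE_EXTS = {"rar", "zip", "7z", "iso", "img"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "js", "vbs"}
DOC_LURE_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx"}

# Constructed message: headers from the tweet, base64 of RAR_MAGIC as the attachment.
CONSTRUCTED_MAIL = """\
Received: from de.uitn.com (de.uitn.com [148.251.248.181]) by mx.example.invalid
From: Mohamed shaban <oa05438@mellitahog.ly>
Reply-To: Mohamed shaban <soomla6384@yahoo.com>
Subject: TOP URGENT_NEW ROM: 01-002361
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/x-rar; name="NEW ROM 01-002361_PDF.rar"
Content-Disposition: attachment; filename="NEW ROM 01-002361_PDF.rar"
Content-Transfer-Encoding: base64

UmFyIRoH
--b1--
"""
# Member names as `unrar l` would list them; taken from the tweet, not from a real listing.
CONSTRUCTED_MEMBERS = ["NEW ROM 01-002361_PDF.exe"]


def _domain(header_value):
    """Domain part of an address header, lower-cased; '' when absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def _last_token(stem):
    """'NEW ROM 01-002361_PDF' -> 'pdf': the fake extension a lure name ends in."""
    return re.split(r"[\s_.\-]+", stem.lower())[-1]


def compute_hashes(data):
    """The four digests the entry publishes, keyed by hashlib name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ENTRY_HASHES}


def verify_sample(data, expected=ENTRY_HASHES):
    """(all_match, mismatches). One mismatch means this is not the file the
    entry describes (truncated download, wrong sample, tampered copy): stop."""
    got = compute_hashes(data)
    mismatches = {a: got[a] for a, want in expected.items() if got[a] != want.lower()}
    return not mismatches, mismatches


def attachments(raw_mail):
    """[(filename, decoded bytes)] for every MIME part that carries a filename."""
    msg = message_from_string(raw_mail)
    return [(p.get_filename(), p.get_payload(decode=True) or b"")
            for p in msg.walk() if p.get_filename()]


def triage_message(raw_mail, archive_members):
    """Return string findings; each is 'kind:detail' so it can be logged or alerted on."""
    msg = message_from_string(raw_mail)
    findings = []
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    # Replies silently diverted to a webmail account while From looks corporate.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{from_dom}->{reply_dom}")
    # HELO host unrelated to the From domain. Weak on its own (bulk senders do
    # this legitimately), strong in combination with the lure indicators below.
    m = re.match(r"from\s+(\S+)\s+\(\S*\s*\[([\d.]+)\]\)", msg.get("Received", ""))
    if m and not m.group(1).lower().endswith(from_dom):
        findings.append(f"helo-domain-mismatch:{m.group(1).lower()}[{m.group(2)}]!={from_dom}")
    if re.search(r"urgent", msg.get("Subject", ""), re.I):
        findings.append("urgency-subject")
    for name, payload in attachments(raw_mail):
        stem, _, ext = name.rpartition(".")
        # Archive whose name ends in a document token: '<thing>_PDF.rar'.
        if ext.lower() in ARCHIVE_EXTS and _last_token(stem) in DOC_LURE_TOKENS:
            findings.append(f"document-lure-archive:{name}")
        # Extension says RAR but the bytes do not: mislabelled or damaged attachment.
        if ext.lower() == "rar" and not payload.startswith(RAR_MAGIC):
            findings.append(f"rar-extension-without-rar-magic:{name}")
    for member in archive_members:
        stem, _, ext = member.rpartition(".")
        if ext.lower() in EXECUTABLE_EXTS:
            kind = ("double-extension-lure" if _last_token(stem) in DOC_LURE_TOKENS
                    else "executable-in-archive")
            findings.append(f"{kind}:{member}")
    return findings


if __name__ == "__main__":
    for f in triage_message(CONSTRUCTED_MAIL, CONSTRUCTED_MEMBERS):
        print(f)
    ok, bad = verify_sample(attachments(CONSTRUCTED_MAIL)[0][1])
    print("placeholder attachment matches entry hashes:", ok, sorted(bad))
```

`verify_sample` is the first thing to run on anything pulled from the download link: the placeholder bytes above fail all four digests, as any wrong or truncated file would, and only a copy that matches every published hash should be fed to a sandbox or unpacked. The archive member check takes a list of names so that it can be fed from `unrar l` or the `rarfile` package without the script itself having to open untrusted archives.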

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: US

Mail intelligence
Geo location: DE Germany, volume: Low
Geo location: CH Switzerland, volume: Low
Geo location: Global, volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Injects
Status: Suspicious
First seen: 2020-07-31 10:20:07 UTC
AV detection: 16 of 48 (33.33%)

Threat level: 5/5

Threat name: Trojan
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  HawkEye
    rar 8f1c17ce42da98d5fb36f55b4b1dbc4d70d131d33f7597a49081d8a5bb924579 (this sample)

Dropping
  HawkEye

Delivery method
  Distributed via e-mail attachment
