MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 900b2c6c97020d772191d1d2869a42e0863b642110d1e61888953e9f15f8bc3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 900b2c6c97020d772191d1d2869a42e0863b642110d1e61888953e9f15f8bc3e
SHA3-384 hash: 625d4b01beaa6f00051ce3c3256d0496252e2ac61bcc108f91763db122c1eebfdd97e8404e9fcb638a0640168db35e36
SHA1 hash: 5bb50fb8ac6ab7b1cbc2744c11b1a52d6cf4cac7
MD5 hash: 063df76b1cf208a45852bc2594219609
humanhash: don-august-sink-stairway
File name: Fortuna Purhase order.zip
Signature: HawkEye
File size: 1'548'741 bytes
First seen: 2020-05-12 10:50:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:uWJ9qGDy/cSn0xAuPtouFSu7EdLkDc3Kofdvi1SXkmThOxcHZiwe/MZuJ8AJoYK8:dfyqAuPttFSQEdYDAVKw9YWZiwaMZuOm
TLSH: 5465332384D7A1FE45C2EC62FD7A78798614A8C38CFDA8E9CD4446D3B6537F9C0A150A
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: s17583606.onlinehome-server.info
Sending IP: 82.165.194.211
From: Inés Arrimadas <info@artmaticeg.com>
Subject: FOTANA KARL PURCHASE ORDER
Attachment: Fortuna Purhase order.zip (contains "Fortuna Purhase order.exe")

HawkEye FTP exfil server:
ftp.azuriindiabackdrops.com:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-02-10 23:34:06 UTC
AV detection: 31 of 47 (65.96%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
HawkEye
zip 900b2c6c97020d772191d1d2869a42e0863b642110d1e61888953e9f15f8bc3e (this sample)
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
