MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf618cd50340e1611e4b33e6ce9c339bb1e0943f1e6cdee268ec0d1cd7101366. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf618cd50340e1611e4b33e6ce9c339bb1e0943f1e6cdee268ec0d1cd7101366
SHA3-384 hash: 626b19a651ede772a89a537e587a7cd7758556919306743707e26fec6480c9d1838000004218661cb1c92ff863a547fd
SHA1 hash: dcf2f8f3f01cb582c6fbfa3618656cb6c04b22ed
MD5 hash: b8c64844dca2d64a28bbc00892f02f42
humanhash: fillet-lion-purple-coffee
File name:MV BULK CHILE.rar
Download: download sample
Signature HawkEye
Create hunting rule
File size:637'288 bytes
First seen:2020-05-20 07:49:33 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:eUFEgr4x5N6WtsFxvI43DHo4lVCyRlwDlsjHZ+3hFUJZoI8q9L2:eUP4x50Wtu73DI0Ay3mzxGPOq9L2
TLSH 35D42302AB137D684828A9D0C205F1E0F79AAF53FF5D478B2443B1E846FCD954A467BE
Reporter abuse_ch
Tags:HawkEye rar


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: 162-241-215-51.unifiedlayer.com
Sending IP: 162.241.215.51
From: bukoil@otenet.gr
Subject: RE: MV BULK CHILE/ AFG - CP DD 5th MAY 2020- calling for discharging 48870mt of DAP in bulk - AGENCY NOMINATION
Attachment: MV BULK CHILE.rar (contains "MV BULK CHILE.exe")

HawkEye SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 08:36:53 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=x5qyzvididqwchslgptm5hbttoy6bfb7dzwn5yti5qgrzvyqcnta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

rar bf618cd50340e1611e4b33e6ce9c339bb1e0943f1e6cdee268ec0d1cd7101366

(this sample)

HawkEye

Executable exe d07a04d317ef504a92d8dcc48a11d31a0cf61b9aed9054db1de93ad77091ae69

  
Dropping
MD5 5f9326ab28497633dad898d9d0a198c9
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d07a04d317ef504a92d8dcc48a11d31a0cf61b9aed9054db1de93ad77091ae69

Comments