MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c59358faf9f8fce23fde43f7897d14aec3e853d47325719aae1b9d1ee948d286. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c59358faf9f8fce23fde43f7897d14aec3e853d47325719aae1b9d1ee948d286
SHA3-384 hash: 266e6a28ab546ab68c178043469a48bf197c3404f3c720f050590503c9c653b4095c9889d3535b4cbe69b44b49e03bb3
SHA1 hash: ada782f6251d2be33c9bbf39298f289bcd73658f
MD5 hash: 1dfdfb8c729af6fe882d5121bd7141f3
humanhash: venus-bulldog-bakerloo-seventeen
File name:file.7z
Download: download sample
Signature HawkEye
Create hunting rule
File size:1'464'371 bytes
First seen:2020-05-13 07:11:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:akp7DnOZzSs+5dmNoluq2CdahcA4573rYKqSQetJCPwII+JNiOpq9c19iBgb48D:akp2hSBvmNoVaKzFLbnDCo/2NiOg9c1h
TLSH A16533765E73122E46367CCE123C2E07C2022A66CC2EF19DEB446526AE7D6F51C2F394
Reporter abuse_ch
Tags:7z geo HawkEye TUR


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: linux1447.grserver.gr
Sending IP: 46.4.43.189
From: Angustias Ruiz Lópaz <angustias@otemar.com>
Reply-To: dustiutd12@hotmail.com
Subject: CNC 39200 // SÖZLEŞME ANALİZİ-
Attachment: file.7z (contains "file.exe")

HawkEye FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 07:37:03 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ywjvr6xz7d6oep66ip3ys7iuv3b6qu6uomsxdgvodoor52ki2kda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip c59358faf9f8fce23fde43f7897d14aec3e853d47325719aae1b9d1ee948d286

(this sample)

HawkEye

Executable exe f248fe6c9b2b30dad7c57fb0c6e6eb65a1db3b57d5825df4baf1d746a538de9b

  
Dropping
MD5 c2161f7e2dd367b5397b492bb485565a
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f248fe6c9b2b30dad7c57fb0c6e6eb65a1db3b57d5825df4baf1d746a538de9b

Comments