MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0bf951c0f9284f24615c8fd5f3a1f867516c1322ea618fe9b83ed45a90d63d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: d0bf951c0f9284f24615c8fd5f3a1f867516c1322ea618fe9b83ed45a90d63d9
SHA3-384 hash: a1c36f69ddcd2543502168ca28f33f141466c5622fc6bba723f820c6df43416f31f5c2836688a752b1100cb48e69995b
SHA1 hash: b7c81651e94a9f081c26a0f42fbc0a6f5458c9b5
MD5 hash: c73cabbded52931d966a8cc16e5a7350
humanhash: august-nevada-zebra-pennsylvania
File name: STOCK LIST.exe.img
Signature: HawkEye
File size: 1'245'184 bytes
First seen: 2020-05-19 14:24:29 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:M2ntpFIZ3YeO/kCPCRRs5QdzKFrcfLtGAXfS8J8:DYo9/kCP95CzKI4ka8
TLSH: B3451240279E2BB1D0781FF41931241997F6F1B8A262EF8C3DDDB0E61B76B44A560DA3
Reporter: abuse_ch
Tags: HawkEye img


abuse_ch
Malspam distributing HawkEye:

HELO: mx01.00gate.com
Sending IP: 81.208.42.115
From: 참비 <tlswls1101@hanmail.net>
Subject: FW: FW: New purchase order Y189655 2x40
Attachment: STOCK LIST.exe.img (contains "STOCK LIST.exe")

HawkEye FTP exfil server:
ftp.anuarul-sanatatii.ro:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-19 14:37:18 UTC
File Type: Binary (Archive)
Extracted files: 10
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

img d0bf951c0f9284f24615c8fd5f3a1f867516c1322ea618fe9b83ed45a90d63d9

(this sample)

  
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
