MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea6098b5b1bf9c2a0f42189cd13701061c2e6b8559a23b478f5a0a6b84e78c73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea6098b5b1bf9c2a0f42189cd13701061c2e6b8559a23b478f5a0a6b84e78c73
SHA3-384 hash: 678f5d2b2a8109ee9bef6a39f5cfb4f9dc0b8ca918b4fa61252083a4e1f6f436a069e5d1dbf310273fe9bbcdb8d302ab
SHA1 hash: ccf6357bf854e31a28e0b940de640b3587d519e0
MD5 hash: e3719395a06591afe0d4117fefdc612d
humanhash: carbon-cola-hawaii-cola
File name:company profile and pictures.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:697'736 bytes
First seen:2020-05-14 17:33:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:FUFbSUbbATm27Q5NBj7AwybTt8fAuZ87UmWjUWuZMHEFUX3tli0ll+TJkR1WK6rt:GRSUbWkfBHAbiIgcOIWuZMk+XXZllyJf
TLSH 81E433BBD21DC9B043D5A32DE23498AB0545B59A3C27C8C523BA83CDF659D79036CF16
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: m136-178.yeah.net
Sending IP: 123.58.178.136
From: Jack-Sayang <sy03@sayangpacking.com>
Subject: company profile and pictures
Attachment: company profile and pictures.zip (contains "company profile and pictures.exe")

HawkEye SMTP exfil server:
smtp.clubluxurious.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 17:36:02 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5jqjrnnrx6ocud2cdconcnybayoc424flgrdwr4plifgxbhhrrzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip ea6098b5b1bf9c2a0f42189cd13701061c2e6b8559a23b478f5a0a6b84e78c73

(this sample)

HawkEye

Executable exe 0d5b124dc494933b725a7099f5d0ffa42f122b9896bd383791179a5f865a7b32

  
Dropping
MD5 8b35d0032a59c34d4f48f870480d144d
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0d5b124dc494933b725a7099f5d0ffa42f122b9896bd383791179a5f865a7b32

Comments