MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb759109f8ebffbda7467ffb0a60ed03d5ade7c3a8e03e98b3ab4df8ca3e2b79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 2



SHA256 hash: fb759109f8ebffbda7467ffb0a60ed03d5ade7c3a8e03e98b3ab4df8ca3e2b79
SHA3-384 hash: 428ce9b4f3069c8693f714cab38661c0e8c7c139b31ff85edb037f70c7e70f92babb40ba4f05886eb1dee6c6eb9e8af8
SHA1 hash: a5501d46533aba568636612d9476da9f6f2f09b2
MD5 hash: d744d94862ccf1488a30434a2575b972
humanhash: five-triple-potato-asparagus
File name: Rastreamento fedex-pdf.7z
Signature: HawkEye
File size: 1'573'424 bytes
First seen: 2020-05-25 12:32:01 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:tRIQ10/ui8ZIIfZmNKzdWyMZpayGjn4AOi/bW2IYdn:r4uPRAHWVjn4A1/bXIYdn
TLSH: 0B753393F959DB009F6DC8F5BA227820337B928DE1292AD3775DFB41D4B31374622628
Reporter: abuse_ch
Tags: 7z FedEx HawkEye


abuse_ch
Malspam distributing HawkEye:

HELO: linux1117.grserver.gr
Sending IP: 95.216.16.146
From: Kimberley Lin <kimberley.lin@fedex.com>
Reply-To: Kimberley Lin <dustiutd12@hotmail.com>
Subject: NOTIFICAÇÃO DE ENTREGA DA FedEx
Attachment: Rastreamento fedex-pdf.7z (contains "Rastreamento fedex-pdf.exe")

HawkEye FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 12:37:21 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip fb759109f8ebffbda7467ffb0a60ed03d5ade7c3a8e03e98b3ab4df8ca3e2b79 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
