MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02e8e1b20a7507d3bd9cc8987072a4823ee5aeb81a3ff956224d1f0e4aeb0214. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 4



SHA256 hash: 02e8e1b20a7507d3bd9cc8987072a4823ee5aeb81a3ff956224d1f0e4aeb0214
SHA3-384 hash: 6333261033b5f860be7617885bd83369f5d28d7848d115e6d385a9f1f7d37b33748c18dca5f3ca34b85e33e5bd64cd3e
SHA1 hash: 9fc52a99994986a2a7949831b7824913603c71be
MD5 hash: d22b725943195cf571d16dea38e75db5
humanhash: batman-golf-five-sixteen
File name: PO9048899AUG13.zip
Signature: HawkEye
File size: 602'071 bytes
First seen: 2020-08-14 08:03:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:gpvF7mciDQnVE/g0yBQrX487xsC6kpVNEXibKllYG1F8AB:gNxcoEz48FTpVWcQZB
TLSH: C1D4231391F83DF6DB9A64A5B58B8B71B8008C4C76A1A4E460FD92BD1CD7AEC8220D75
Reporter: abuse_ch
Tags: HawkEye, zip


abuse_ch
Malspam distributing HawkEye:

HELO: plesk02.nttcom.ms
Sending IP: 137.116.230.189
From: HEIMIR JÓNSSON <samplesales@joinwin.com.hk>
Reply-To: dh_derhawk@126.com
Subject: Re: Re: FACTURA 120004617-SPS-1726076
Attachment: PO9048899AUG13.zip (contains "PO9048899AUG13.exe")

HawkEye SMTP exfil email address:
webmail.tos-thailand.com

HawkEye SMTP exfil email address:
sudarat.k@tos-thailand.com

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoCore
Status: Malicious
First seen: 2020-08-14 08:05:07 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 02e8e1b20a7507d3bd9cc8987072a4823ee5aeb81a3ff956224d1f0e4aeb0214 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
