MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09979ea7fceb017cb7e1f808d51b6d0596d4d00d46aa0f523673d515bab69f01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye
Vendor detections: 3



SHA256 hash: 09979ea7fceb017cb7e1f808d51b6d0596d4d00d46aa0f523673d515bab69f01
SHA3-384 hash: 2482f7c8d8b6f8782098e88fd1a484da34bbd2fe3314ca762c1d6b4d8d5a54af0a014fea2f39b4f97474b442d5698651
SHA1 hash: 3100d7f7c6da54c26b4e8f69c5b0c2af46206c11
MD5 hash: 43626b5c13de2028f11a75e142c54bbf
humanhash: sodium-ack-cup-blossom
File name: Bank-Deposit-Slip..z
Signature: HawkEye
File size: 692'687 bytes
First seen: 2020-06-10 07:14:07 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:7BMsdoKempJAZf6GyW1h7ocUkoPjocXRfH86ZXwzlWGUxP7/Aj7umzD5bMd3NN4V:D+ApiZiGWcUnPjxXJH8jBWG+jUtA6
TLSH: 47E423692ED814937410D2DEF1498D1CA9CCF8D8BD64F49BDF318F8ACE32696C4D2A52
Reporter: abuse_ch
Tags: HawkEye z


abuse_ch
Malspam distributing HawkEye:

HELO: samail.online
Sending IP: 192.236.179.55
From: Gregg Wilder <sales@maildo.online>
Subject: Invoice
Attachment: Bank-Deposit-Slip..z (contains "Bank-Deposit-Slip.exe")

HawkEye SMTP exfil server:
mail.professionals.biz.pk:587
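The indicators in the comment above (HELO name, sending IP, From address, attachment name) and the hash table at the top of this entry can be turned into a mail-gateway check. The script below is an added example written for this page; it is not code from MalwareBazaar or abuse.ch. It parses an e-mail, compares the sender, the HELO/IP from the Received header and the attachment name against the published IOCs, hashes each attachment, and, because the file here is named `.z` (the Unix compress(1) extension) while its recorded MIME type is `application/x-rar`, it also compares the extension each attachment claims with the format its leading bytes actually indicate. The message it builds is constructed to resemble the malspam; its attachment is a RAR signature plus filler, not the real archive, so its SHA256 will not (and should not) match the hash above. The Received-header layout and the `build_sample_message` helper are assumptions of this example.

```python
"""Match an inbound e-mail against the IOCs published on this MalwareBazaar entry.

Added example for this page; not MalwareBazaar or abuse.ch code.
"""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied verbatim from this entry and the abuse_ch comment.
IOC = {
    "sha256": "09979ea7fceb017cb7e1f808d51b6d0596d4d00d46aa0f523673d515bab69f01",
    "helo": "samail.online",
    "sending_ip": "192.236.179.55",
    "from_addr": "sales@maildo.online",
    "attachment": "Bank-Deposit-Slip..z",
    "exfil_server": "mail.professionals.biz.pk:587",  # for egress logs, not checked here
}

# Leading bytes that identify the real container format, whatever the file is named.
MAGIC = (
    (b"Rar!\x1a\x07\x00", "rar"),      # RAR 1.5 - 4.x
    (b"Rar!\x1a\x07\x01\x00", "rar"),  # RAR 5
    (b"\x1f\x9d", "z"),                # genuine Unix compress(1) .z / .Z
    (b"PK\x03\x04", "zip"),
    (b"MZ", "exe"),                    # PE executable
)

# "from <helo> (<rdns> [<ip>])" as written by a typical MX; an assumed layout.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\([^)]*\[([\d.]+)\]\)")


def sniff(data: bytes) -> str:
    """Format implied by the magic bytes, or 'unknown'."""
    for sig, fmt in MAGIC:
        if data.startswith(sig):
            return fmt
    return "unknown"


def declared_format(filename: str) -> str:
    """Format a naive filter would infer from the last extension ('' if none)."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def analyze(raw: bytes) -> dict:
    """Return IOC hits and per-attachment findings for one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    _, sender = parseaddr(str(msg.get("From", "")))
    if sender.lower() == IOC["from_addr"]:
        hits.append("from_addr")
    # The HELO name and connecting IP only exist in the Received header the MX added.
    for rcv in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(rcv))
        if not m:
            continue
        helo, ip = m.group(1), m.group(2)
        if helo.lower() == IOC["helo"]:
            hits.append("helo")
        if ip == IOC["sending_ip"]:
            hits.append("sending_ip")
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        actual = sniff(data)
        declared = declared_format(name)
        info = {
            "name": name,
            "declared": declared,
            "actual": actual,
            "sha256": hashlib.sha256(data).hexdigest(),
            # A known container hiding behind a different extension is the signal.
            "mismatch": actual != "unknown" and actual != declared,
        }
        if name == IOC["attachment"]:
            hits.append("attachment_name")
        if info["sha256"] == IOC["sha256"]:
            hits.append("sha256")
        attachments.append(info)
    return {"hits": hits, "attachments": attachments}


def build_sample_message() -> bytes:
    """Constructed lookalike of the malspam; the attachment is NOT the real sample."""
    msg = EmailMessage()
    msg["Received"] = ("from samail.online (unknown [192.236.179.55]) "
                       "by mx.example.net with ESMTP; Wed, 10 Jun 2020 07:10:00 +0000")
    msg["From"] = "Gregg Wilder <sales@maildo.online>"
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Invoice"
    msg.set_content("Please find the deposit slip attached.")
    fake_rar = b"Rar!\x1a\x07\x00" + b"\x00" * 64  # RAR4 signature + filler (constructed)
    msg.add_attachment(fake_rar, maintype="application", subtype="x-rar",
                       filename="Bank-Deposit-Slip..z")
    return msg.as_bytes()


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(build_sample_message()), indent=2))
```

On the constructed message this reports hits for the From address, HELO, sending IP and attachment name, and flags the attachment as declared `z` but actually `rar`; the hash check stays silent because the stub is not the real file. The `exfil_server` entry is kept in the IOC table so the same dictionary can feed an egress or proxy rule for outbound SMTP on port 587.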

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-06-10 07:16:05 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: HawkEye
  z 09979ea7fceb017cb7e1f808d51b6d0596d4d00d46aa0f523673d515bab69f01 (this sample)
    Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments