MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c6a3c9e212de7724098c54d32c53325896186796e533e4677db001b922f2607. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 4



SHA256 hash: 0c6a3c9e212de7724098c54d32c53325896186796e533e4677db001b922f2607
SHA3-384 hash: 2a0240acb8ca3f3e3ed60237ecb35c07478d89097ffe37a10da26ff8fcea5c7b847ca53b4ef69c36b37a17f03c33ccf2
SHA1 hash: 5b67c5f2b4cdc3e6a1df549040c98ea23e83f8b5
MD5 hash: 59138f9c535a87318ce5bc544f186f43
humanhash: high-pluto-gee-comet
File name: Purchase Order.zip
Signature: HawkEye
File size: 627'421 bytes
First seen: 2020-10-16 10:37:26 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Z2ZbAiv5Z+lM5KnuVBWhaluwXMC0pYuVexNM1VLo082gyLpV4Fzi:2bAuuU7WpnCqYuaNGNZX4Fzi
TLSH: 97D42380628091F6AF1D43519B40546FEFFA10F58BC15B38FBC2EB74469A6133BAF985
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: castro2020.xyz
Sending IP: 80.89.229.206
From: Katharina George <hongzhen168@hotmail.com>
Subject: Re: Purchase Order
Attachment: Purchase Order.zip (contains "Purchase Order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-10-15 20:21:02 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 0c6a3c9e212de7724098c54d32c53325896186796e533e4677db001b922f2607 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
