MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e5be10fdd571b6f60df3e9ec3603446ffe7fc5827936eae7b7282bdc02f1854. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e5be10fdd571b6f60df3e9ec3603446ffe7fc5827936eae7b7282bdc02f1854
SHA3-384 hash: 90bf91a751e88279e4cb353d1f7fc369d552d7322222eae09b6facb68a870aba286e74be4e932cfc5841e76e93c76ed1
SHA1 hash: c790e3602300935094027bc3a04cad93e1f9b3c2
MD5 hash: d447f7237aed8ffb2c7d8a1ad362a086
humanhash: finch-solar-six-muppet
File name:ORDER20052020.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:582'425 bytes
First seen:2020-05-20 11:38:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:xSFR0MwFCjaTPJoVejsK2VZ6VCtGhjvdWWTrWcgAuBZf0HsoGf:QF1etogODybdhbCfuGf
TLSH C5C4238B3228EA72C79D79F8CEC23FF254A48EB4370D5144E633E68B2554A4D4F6425E
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: smtp.guangchengsz.com
Sending IP: 121.201.33.16
From: Christina <info@yok.com.cn>
Reply-To: dh_derhawk@126.com
Subject: RE: PO#: EF17BA/0-00661
Attachment: ORDER20052020.zip (contains "ORDER20052020.exe")

HawkEye SMTP exfil server:
smtp.urban.co.th:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 12:30:29 UTC
File Type:
Binary (Archive)
Extracted files:
277
AV detection:
14 of 47 (29.79%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bzn6cd65k4nw6yg7h2pmgybui376p7cye6jw5lt3okbl3qbpdbka._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 0e5be10fdd571b6f60df3e9ec3603446ffe7fc5827936eae7b7282bdc02f1854

(this sample)

HawkEye

Executable exe 005f14d06c16be03e043dd8a6e92eadac72688491f960e0219de292eaefdfd22

  
Dropping
MD5 b2070a7c862e730a07c5f7e5c33af35e
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 005f14d06c16be03e043dd8a6e92eadac72688491f960e0219de292eaefdfd22

Comments