MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fc9ab3101131dda155393a792474504de189da12547e351254e37ab5fbba32d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0fc9ab3101131dda155393a792474504de189da12547e351254e37ab5fbba32d
SHA3-384 hash: f409b09a93ea10f6df696649f5eaabad042a1656c4b82a38e87c79dbfd2c6b4ca8da648f5eb2bc0d6fd7fcc6c24f1f80
SHA1 hash: 1cab14c5306c569aa3acc3f7bde57e57f544fedd
MD5 hash: 322bee81a4b68a772c146f8ab36a8547
humanhash: michigan-undress-colorado-nitrogen
File name:CURE FOR CORONAVIRUS_pdf.gz
Download: download sample
Signature HawkEye
Create hunting rule
File size:1'722'706 bytes
First seen:2020-04-06 08:54:40 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 49152:f9HtNoqIccTbei6BRtKTY20yY9LVh8Yj56yZ:toq+CBRtus9LVespZ
TLSH 8F8533E1DD872D30D6A3957A2FC5C86AA46F528E7F5B082E0E55EF0C0388C8D5C15F6A
Reporter abuse_ch
Tags:COVID-19 gz HawkEye


Avatar
abuse_ch
COVID-19 themed malspam distributing HawkEye:

HELO: s1.ahsaelektronik.net
Sending IP: 185.82.220.208
From: W.H.O. (WORLD HEALTH ORGANIZATION) <ebru@ottoinnova.com>
Subject: (W.H.O) POSSIBLE CURE FOR CORONAVIRUS COVID-19
Attachment: CURE FOR CORONAVIRUS_pdf.gz (contains "CURE FOR CORONAVIRUS_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 09:48:26 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b7e2wmibcmo5ufktsotzer2fatpbrhnbevd6gujfjy32wx53umwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

gz 0fc9ab3101131dda155393a792474504de189da12547e351254e37ab5fbba32d

(this sample)

HawkEye

Executable exe fbdf3aed799b476ec4a89b100195efd05bcbc7d51728dd2415ce2c506b4b72cf

  
Dropping
MD5 596dd45a5b48ef45e4cae443d7314f35
  
Dropping
SHA256 fbdf3aed799b476ec4a89b100195efd05bcbc7d51728dd2415ce2c506b4b72cf
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment

Comments