MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13043a311c6df196c43a98ad6b86e326267ef4ae255c84112e74c5112304bbee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 2



SHA256 hash: 13043a311c6df196c43a98ad6b86e326267ef4ae255c84112e74c5112304bbee
SHA3-384 hash: a9a776232dda918df9e7756124199da6876cbf6e01390415974961e287301db2a5894372227514e7f3fca7d07212fb5e
SHA1 hash: b60d0bfeb03f1853cb470ff2ada5965e9df11353
MD5 hash: ec0615ee219e71f3c250bf812595d41a
humanhash: artist-twenty-video-yankee
File name: 005262076548653.PDF.z
Signature: HawkEye
File size: 567'635 bytes
First seen: 2020-05-26 10:27:10 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:3/cMjlGIS/qCpGgOWRqVLzsEPdFUppFIBss5bCxaNHl:3yAgyVLzsUFkFIH5ex4
TLSH: D1C423FA0D92B80D85B11384DA2DB4114AEE0C07E28DEE1DE3DDFE2605ED65DCE98D51
Reporter: abuse_ch
Tags: HawkEye, z


abuse_ch
Malspam distributing HawkEye:

HELO: korea.com
Sending IP: 192.129.189.208
From: Jenny Cho<LFSOURCING@korea.com>
Subject: Fabric sourcing request for womem lace fabric SP21
Attachment: 005262076548653.PDF.z (contains "005262076548653.PDF.exe")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 10:36:36 UTC
File Type: Binary (Archive)
Extracted files: 258
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

z 13043a311c6df196c43a98ad6b86e326267ef4ae255c84112e74c5112304bbee (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments