MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a2ee0d0fcce5a02d74f06b201d0462b3a57f08b617fdded23a088c97eff7266. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 1a2ee0d0fcce5a02d74f06b201d0462b3a57f08b617fdded23a088c97eff7266
SHA3-384 hash: 27ef6000e68919118586926c001ab95cfe07793bda3bd8f7c6cc4166ea9ea6dbb6fcb504386fab6a0b3ecedb98cbecb4
SHA1 hash: d5f25e41b67c00c29eaa94e966a7d17468ec4407
MD5 hash: 4e1cff8935178e29eb7cbc30aacbcc16
humanhash: jupiter-mockingbird-east-grey
File name: Scan-1938002235_pdf.arj
Signature: HawkEye
File size: 313'044 bytes
First seen: 2020-06-08 07:55:45 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:tN15N9OyK2kaPR3EKLMVFd+T44PGwhIfwBUPhnosQNHdNfN5Qi:tN15N4yJJXMG4iIfThnW3fLh
TLSH: D564239AE5DA81A6F03F877C161476531CE32188B10BDF920EE27F47286C1BBD5D9839
Reporter: abuse_ch
Tags: arj, HawkEye


abuse_ch
Malspam distributing unidentified malware:

HELO: 94-100-28-224.static.hvvc.us
Sending IP: 94.100.28.224
From: JHSHIP INTERNATIONAL LTD <cus12@jhship.com.cn>
Subject: FWD: Possible CTM delivery
Attachment: Scan-1938002235_pdf.arj (contains "INVOICE-1938002.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-08 07:57:05 UTC
AV detection: 35 of 48 (72.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 1a2ee0d0fcce5a02d74f06b201d0462b3a57f08b617fdded23a088c97eff7266 (this sample)

  
Delivery method: Distributed via e-mail attachment

Comments