MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c36a5e782d071523e010a4cd4775d0cb94f68f260a2dbf8312483daa10ac774. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye

Vendor detections: 3

SHA256 hash: 2c36a5e782d071523e010a4cd4775d0cb94f68f260a2dbf8312483daa10ac774
SHA3-384 hash: 627e79d56eb6b4dc9b99833aba3d42f328866c91d48609f3b1c8d86a1910e56e18346bc2bcf5d1f969100404ba75a847
SHA1 hash: 2a5c870613340525c1d96b6f9d1532144b97d220
MD5 hash: b4aebd151084f3722e45f6650dfc19ae
humanhash: cold-minnesota-mississippi-glucose
File name: Scan0005212020.PDF.z
Signature: HawkEye
File size: 534'991 bytes
First seen: 2020-05-21 10:06:52 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:CkU0l8lBLeWiBPrRXujHWw28KtuB0gbWrc+RlM4VAK6Um:dEiFdG2w2JtJConMq65
TLSH: 11B4236BF7E6FDD68093D20B86307E5164A402F79E52A40EE6ADC32C2585D7B4B783C1
Reporter: abuse_ch
Tags: HawkEye z


abuse_ch
Malspam distributing HawkEye:

HELO: hanmail.kr
Sending IP: 192.129.189.208
From: MGFAccountsPayableFE<MGFAccountsPayableFE@hanmail.kr>
Subject: Important MGF Sourcing Payment Notification
Attachment: Scan0005212020.PDF.z (contains "gunzipped")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-21 10:36:48 UTC
File Type: Binary (Archive)
Extracted files: 295
AV detection: 22 of 30 (73.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: HawkEye
Sample: z 2c36a5e782d071523e010a4cd4775d0cb94f68f260a2dbf8312483daa10ac774 (this sample)
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments