MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32a448021d842383b8132ea1bf073bc3558d558758ed947ad305dbf5b5e05279. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32a448021d842383b8132ea1bf073bc3558d558758ed947ad305dbf5b5e05279
SHA3-384 hash: 22c348de78e3c6f94126dad5004d70153a793e7b70879645a9dc2241d773717f67890650e2954217d706a43bf6ee28ba
SHA1 hash: 3cdf59aa449f845805e94a2eba6ef7e57fb63ca3
MD5 hash: 77b4a0261735a454549c7059134d0fde
humanhash: uncle-indigo-fruit-massachusetts
File name:ORDER15102020.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:641'962 bytes
First seen:2020-10-16 10:34:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:r/sQyoZbAqvMgOVdOinuV/90ZH2YdfY8+IqH5qcV3sNdlLgdzwcMZDre71+R:rpbA9g2ORUqcqz8387y3d
TLSH 12D423C0FB6915BB253AC41886112EC3FE6C4147245B0B8B85FEB4657085BE3BBEB85D
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: server.ittronhosting.com
Sending IP: 128.199.114.0
From: EXPORT <support@docs.ittron.web.id>
Reply-To: dh_derhawk@126.com
Subject: Re:RV: INVOICE PACKING LIST
Attachment: ORDER15102020.zip (contains "ORDER15102020.exe")

HawkEye SMTP exfil server:
smtp.amargrand.mn:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.25.21088.18222.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/32a448021d842383b8132ea1bf073bc3558d558758ed947ad305dbf5b5e05279/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 22:08:01 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gkseqaq5qqryhoatf2q36bz3ynky2vmhldwzi6wtaxn7lnpakj4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/32a448021d842383b8132ea1bf073bc3558d558758ed947ad305dbf5b5e05279

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 32a448021d842383b8132ea1bf073bc3558d558758ed947ad305dbf5b5e05279

(this sample)

HawkEye

Executable exe 6dcb0d54ba218f62d9f2abea5016a869598bc984e5c03bfc63adac085456a571

  
Dropping
MD5 420b35e94a60ed57bbde123f0039f16f
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6dcb0d54ba218f62d9f2abea5016a869598bc984e5c03bfc63adac085456a571

Comments