MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34a0195d2ae0b823b93f04055b70737e296a0b7e22ad914aca1ccc3e1954d598. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 4



SHA256 hash: 34a0195d2ae0b823b93f04055b70737e296a0b7e22ad914aca1ccc3e1954d598
SHA3-384 hash: b9fe00bb098372a137af1d476ba5461ffe61954138f601bf52c8a92d0c92f1b763d72c5d5ee0787a0cdcc3d9a446f1d7
SHA1 hash: bb678078c5cd469ea010f7eefa2de23b5ac95dd4
MD5 hash: 34bd528ee552d6630ac8bef8a1521272
humanhash: maine-october-illinois-ceiling
File name: 071020207659825.PDF.z
Signature: HawkEye
File size: 617'409 bytes
First seen: 2020-10-07 10:45:57 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:vYoN9P8tmNmrvnlRhaepHe6IF37BvtKuLJJUoE5QboPfm4qHMaxVZ:x3P8UEr/lXm9Bvt58oArPwMaVZ
TLSH: 26D42323B7A0DD7E195D7EADBCE771980B162C9B59795980E70C800DB2AFCC061ADE70
Reporter: abuse_ch
Tags: HawkEye, z


abuse_ch
Malspam distributing HawkEye:

HELO: ubaseinternational.com
Sending IP: 104.168.219.19
From: jasonkim@ubaseinternational.com
Subject: RE: ATF SUM21 Knit Top #UB19-60951-1
Attachment: 071020207659825.PDF.z (contains "071020207659825.PDF.exe")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-10-07 10:23:14 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

z 34a0195d2ae0b823b93f04055b70737e296a0b7e22ad914aca1ccc3e1954d598 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
