MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34d4dc5f7437c48290cb51abfce2bbe1740d4d0350ccaa305ab849994e7c0539. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	34d4dc5f7437c48290cb51abfce2bbe1740d4d0350ccaa305ab849994e7c0539
SHA3-384 hash:	60b58fbef159a171f1dab4ff83d97243bc0c36b6c27cbb2e52f4cc71415a399ba4c52f517bb0cda6aa5349ecb4783fb2
SHA1 hash:	10063a3567c5d87ba70b7ce9e1418905d6529e97
MD5 hash:	cde2568cf2736535952ba6419c94265f
humanhash:	iowa-uncle-delaware-eighteen
File name:	COVID-19 06193-pdf.7z
Download:	download sample
Signature	HawkEye Create hunting rule
File size:	2'251'190 bytes
First seen:	2020-05-06 16:48:22 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	49152:v3Lo7fSMvsNUSHVqHohJ3Nh3wEu+WfzXsuRV3NpbaN4IqLa/keJUW4Yv:jLMviVVZfp+5z8O3LbQ8eGW4q
TLSH	70A5332E97E85D7AC19BBFDE84A8E920811738C3F4C9F6781F2D483A4D845336B5C466
Reporter	abuse_ch
Tags:	7z COVID-19 geo GRC HawkEye

abuse_ch

Malspam distributing HawkEye:

HELO: linux1447.grserver.gr
Sending IP: 46.4.43.189
From: Audrey BASTIDE <audreyb@atelieralainellouz.com>
Reply-To: Audrey BASTIDE <dustiutd12@hotmail.com>
Subject: ΠΑΡΑΓΩΓΗ COVID-19 (FACE MASK, TEMPERATURE GUN AND LATEX GLOVES)
Attachment: COVID-19 06193-pdf.7z (contains "COVID-19 # 06193-pdf.exe")

HawkEye FTP exfil server:
ftp.kassohome.com.tr:21

HawkEye FTP exfil user name:
bringlogs@kassohome.com.tr