MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 372150fca7cfea0299db062ab873055647dfc32cd773398e2af1aeb685156615. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 3

SHA256 hash: 372150fca7cfea0299db062ab873055647dfc32cd773398e2af1aeb685156615
SHA3-384 hash: 4f9518fa84754cd72a0d615d4d55fd017c31cf32d4ded9706cfdd5cfd6a9903c3568efc0edb9784e796d98505dd88060
SHA1 hash: aad824281e5f9cf760aa54d048e377d775596cb5
MD5 hash: 4d11dbd94ed675c8ecc279567385d931
humanhash: edward-winner-indigo-cardinal
File name: PAYMENT_SLIP.zip
Download: download sample
Signature: HawkEye
File size: 485'694 bytes
First seen: 2020-07-16 10:40:38 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:u9FxJpGkWF0IRhXQ2M+vL2bwRmdYX4soo07KQ+:SFTpGrCh2v2sRSo4soEf
TLSH: 6FA42357125CB938F8B29DF353151D19BC08E6BB67D2C04821229C89E4ECD1E9F09E7B
Reporter: abuse_ch
Tags: HawkEye zip

abuse_ch
Malspam distributing HawkEye:

HELO: 53-7-static.mxserver.ro
Sending IP: 46.102.249.75
From: Wall Fago Bank <payment@wallfago.com>
Reply-To: mark@zoomwebmedia.com
Subject: payment
Attachment: PAYMENT_SLIP.zip (contains "PAYMENT_SLIP.exe")

HawkEye SMTP exfil server:
server165.web-hosting.com:26

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-16 10:42:08 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: HawkEye
  zip 372150fca7cfea0299db062ab873055647dfc32cd773398e2af1aeb685156615 (this sample)
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments