MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3751635187199774120594eb20fbfad3ccfb740aa0d84870a13851e965920670. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 3751635187199774120594eb20fbfad3ccfb740aa0d84870a13851e965920670
SHA3-384 hash: 170f9f18d98da266c242777f81fba201d227c4b062c4f772db82bd9bf1c3a618a117a51ff18c9baa4b64543264b5fdc4
SHA1 hash: 1d91b9212aca39e86fa0c092dbeab96a6ce2e222
MD5 hash: 1b8c449b20cbde1c868ad536ec619a06
humanhash: cold-nevada-arkansas-nuts
File name: Payment_Invoice.zip
Signature: HawkEye
File size: 447'205 bytes
First seen: 2020-06-04 09:10:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:4e2opHOrqecxisxI0+IFcM+sj5gwrg05uy:4eLpHOrZcxDxh+IgKmwrg05j
TLSH: 299423C3CD85936408AAA09E055DA4D167CFAC44DC73AA8DF16B09D6B059FB30F126EF
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: ded4519.inmotionhosting.com
Sending IP: 192.249.120.191
From: contabilidad@grupo-vision.com
Subject: payment invoice
Attachment: Payment_Invoice.zip (contains "Payment_Invoice.exe")

HawkEye SMTP exfil server:
server165.web-hosting.com:26

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-04 09:36:20 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 3751635187199774120594eb20fbfad3ccfb740aa0d84870a13851e965920670 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
