MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d9767ba1d3cb2067cda8a8b0ec9a8f6550453f74721b6f0da218a5be41cf9c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 3d9767ba1d3cb2067cda8a8b0ec9a8f6550453f74721b6f0da218a5be41cf9c1
SHA3-384 hash: 5b4b604445a2828875146184dd38661dc4c53be6e6705c87976944630de1a9792cf6ca6bd566fea712c68fda74396f34
SHA1 hash: 4de1601a9dee2a88f3f2da9194cf0d6cc9f90dd4
MD5 hash: 299be880549518d16a66d99f2215a2bf
humanhash: twelve-emma-stream-vegan
File name: PO3902939304.zip
Signature: HawkEye
File size: 632'023 bytes
First seen: 2020-05-01 11:29:02 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:0e4EkaP2AJRR39b0HUxVIDdFW9tROoruN798D9M3YE/0:0fAJRN9b0HUPZzRQNqD63YA0
TLSH: 5CD423BF34E9DB96C97C7C812E2B674931752CE5A1923153F68D806E532DC04A71C3BA
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: ybironout2b.netvigator.com
Sending IP: 210.87.250.76
From: Christina <chantsu@chantsu.imsbiz.com.hk>
Subject: Re:PO99007 - 30,000MT
Attachment: PO3902939304.zip (contains "PO3902939304.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-01 11:36:04 UTC
File Type: Binary (Archive)
Extracted files: 15
AV detection: 30 of 48 (62.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 3d9767ba1d3cb2067cda8a8b0ec9a8f6550453f74721b6f0da218a5be41cf9c1 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments