MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 429196ef3a0237a6640791e377e4bbd7aa909838704aee766f7af6c0c788e84b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 429196ef3a0237a6640791e377e4bbd7aa909838704aee766f7af6c0c788e84b
SHA3-384 hash: f8bdfb80e47f8fbd09ebfde3c04815dcddb5c83e4eaf5d8cd2e3b9a2e353ad6d06cd4675c6d3ec877e03e30bb9bee2dd
SHA1 hash: 1b9863f5c2412719c90797e9ebe928582c22fe8c
MD5 hash: e9d70a00ce37130db2a07f0597001349
humanhash: alaska-video-east-south
File name: 78746455-050212020.zip
Signature: HawkEye
File size: 535'469 bytes
First seen: 2020-05-21 09:54:30 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Dx/HiaR3hU59ONpn75uCrhwbfzkoGxUsdkiYPQa:BRxo9sjuCAzkoaUsmrx
TLSH: F0B4234E5A6755F8A03C1F7983604C3E719DDDD32B23503FF074392A96398468BB2AE5
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: hansoll.com
Sending IP: 192.129.189.208
From: Choi, Yoo-Ri<yrchoi@hansoll.com>
Subject: RE:Hansoll-A&F color comments for BULK Order (05/21/2020)
Attachment: 78746455-050212020.zip (contains "78746455-050212020.PDF.exe")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 12:14:48 UTC
File Type: Binary (Archive)
Extracted files: 296
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 429196ef3a0237a6640791e377e4bbd7aa909838704aee766f7af6c0c788e84b (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
