MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b7437d6d9e8778abee6b93cae21216526bbf1441f35e6f2a3e93afccbeea0f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b7437d6d9e8778abee6b93cae21216526bbf1441f35e6f2a3e93afccbeea0f5
SHA3-384 hash: 9408457518ab66f633f3e244b3681352bbe5765894dd9dfd2e01eca79162e27ac0a93a7bd1b1fc3c05a16a77b5c311b4
SHA1 hash: 805062ec2d307c37bbb64e99c0cef83f6b0b403e
MD5 hash: bddd6bf7b5924b607b989367e1ffe349
humanhash: batman-black-black-yankee
File name:Payment_slip.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:458'667 bytes
First seen:2020-07-21 07:00:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:mLkXLMVHGxkTkrTUoQAzPqTa85scgBaaHVrUEDKb+3Sa:JLq2kITOAzym85scJaHVIEObCSa
TLSH 80A4237B8D7A5B60F0F35CB62D48D21E9C5C9345491A22DF268E37120587ABCED0A2DE
Reporter abuse_ch
Tags:HawkEye WellsFargo zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: 53-7-static.mxserver.ro
Sending IP: 46.102.249.75
From: Wells Fargo Bank <Payment@wellsfargo.com>
Reply-To: s.peters.edur@bk.ru
Subject: payment
Attachment: Payment_slip.zip (contains "Payment_slip.exe")

HawkEye SMTP exfil server:
server165.web-hosting.com:26

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.68844.21764.7688.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4b7437d6d9e8778abee6b93cae21216526bbf1441f35e6f2a3e93afccbeea0f5/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 07:02:07 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jn2dpvwz5b3yvpxgxe6k4ijbmutlx4ked426n4vd5e5pzs7oud2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4b7437d6d9e8778abee6b93cae21216526bbf1441f35e6f2a3e93afccbeea0f5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 4b7437d6d9e8778abee6b93cae21216526bbf1441f35e6f2a3e93afccbeea0f5

(this sample)

HawkEye

Executable exe d88b00afe502517f9415ac41667410acfc0bdbd7d74389de73256aafd8f7d5eb

  
Dropping
MD5 dd5539211a7dbadc605519dcc406e2d0
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d88b00afe502517f9415ac41667410acfc0bdbd7d74389de73256aafd8f7d5eb

Comments