MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f2f43ce00f4da61888c2134dfbf8d633bcef710e187fc6829e13746c3486b51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f2f43ce00f4da61888c2134dfbf8d633bcef710e187fc6829e13746c3486b51
SHA3-384 hash: 2ee595ff00e53bbbd98aaf937e65b8997f513205cfd3ac5b0298b42f26b754fc1eb5ae2b310b35feaa0fcd7a7e04572d
SHA1 hash: 985b2d4fcb5870249b98c9b0129d16b2e1827ebb
MD5 hash: a642e1efbc883f41d91311661f628396
humanhash: ohio-november-timing-arizona
File name:Shipment Details.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:430'164 bytes
First seen:2020-06-19 06:03:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:dcKzJCtUeTYXDHLmQ+z15Mv6TCoRgrgOhkfd:2qXHm5zjTC7zkfd
TLSH 9D9423236549911EE0B38831916E077708F3997AC5CAE2FE31B98708BFEFF665402E51
Reporter abuse_ch
Tags:DHL HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: linux687.grserver.gr
Sending IP: 185.4.133.224
From: DHL DELIVERY SERVICE <shipment@dhl.com>
Reply-To: s.peters.edur@bk.ru
Subject: Re: Shipment Details
Attachment: Shipment Details.zip (contains "Shipment Details.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.262.27952.28052.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Golroted
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 02:51:30 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j4xuhtqa6tngdcemee2n7p4nmm5455yq4gd7y2bj4e3unq2inniq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 4f2f43ce00f4da61888c2134dfbf8d633bcef710e187fc6829e13746c3486b51

(this sample)

HawkEye

Executable exe c708333db7d412d29df106d7ee49279876dc382a22f889fa942416844cdf5b58

  
Dropping
MD5 bfd00c9151b6a28d6a4846b7ffb5721f
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c708333db7d412d29df106d7ee49279876dc382a22f889fa942416844cdf5b58

Comments