MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 520a7a3fc26f8bb2fc2e4b5ce4e775183e8f92e7b334e97cf2b7dda3c0353395. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 520a7a3fc26f8bb2fc2e4b5ce4e775183e8f92e7b334e97cf2b7dda3c0353395
SHA3-384 hash: 18f7ce8f51addf34e427d44bd7ace8dd7b700bcc89d0732e017fc1282fb77a38ae7615e1fd3ccd95269bfd4c21e97e79
SHA1 hash: e57738ef936c2e2162a9ffce2f8349e4cc90a299
MD5 hash: bfe55317b112bfdd8ae377c2e3facff5
humanhash: michigan-papa-summer-item
File name:DHL AWB 406506482.iso
Download: download sample
Signature HawkEye
Create hunting rule
File size:758'033 bytes
First seen:2020-06-30 06:03:55 UTC
Last seen:2020-06-30 08:47:58 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:6Hazt+PpDxTdlXO6GcUs5IVc1VCenHezga/LASXmE9GrnVn05JR2bx/AkmpwZjZ6:6ZPDdscUsuVc1VCC8LAStsrnKp2pA+41
TLSH EDF433A7966045B2BD568C9CCE6113438D06B720DCAD530728EFDA8F62B972C0E745EB
Reporter cocaman
Tags:HawkEye iso


Avatar
cocaman
Malicious email
From: DHL EXPRESS <noreply@dnl.com>
Received: from mail.amdigital.ro (cw176-abf-agb55.romania-webhosting.com [176.126.172.55])
Date: Tue, 30 Jun 2020 05:45:28 +0100
Subject: Re: ==ARRIVAL NOTICE===DHL (AWB) Delivery Notification***Docs for
Customs clearance
Attachment: DHL AWB 406506482.iso

Intelligence

File Origin
# of uploads :
2
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/520a7a3fc26f8bb2fc2e4b5ce4e775183e8f92e7b334e97cf2b7dda3c0353395/
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 06:05:12 UTC
File Type:
Binary (Archive)
Extracted files:
15
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kifhup6cn6f3f7bojnoojz3vda7i7exhwm2os7hsw7o2hqbvgokq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

rar 520a7a3fc26f8bb2fc2e4b5ce4e775183e8f92e7b334e97cf2b7dda3c0353395

(this sample)

HawkEye

Executable exe f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4

Comments