MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54edef0dfb1a046fb1afaa3517c7092b3e2a458f1c875906388b2d292cb96690. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 54edef0dfb1a046fb1afaa3517c7092b3e2a458f1c875906388b2d292cb96690
SHA3-384 hash: e7087bc8bbae844308a06524faa8657423c16833f1ce56ee36b26499cddddf0ecb5beaebe9856126a092e4a2a9f8828c
SHA1 hash: 98b81b3dd21588b7532ae44cd98fd66559a641df
MD5 hash: 3ca4cc723976827383c8bc349868c573
humanhash: speaker-kitten-bravo-steak
File name: 98764737722.PDF.z
Signature: HawkEye
File size: 712'257 bytes
First seen: 2020-07-28 14:26:00 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:BnwOvcRwru20OEpMpgGGnw6Z+3ivREidJ6bCBDsief2anENCsqg2Mb:BYQSpMmGotZ+3nmt4rHNgjb
TLSH: 8BE4338D8A5EBC6DEB02066EACFAA4571B3C0C72565597E68C40A5CF3F3EC02D4D2E05
Reporter: abuse_ch
Tags: HawkEye, z


abuse_ch
Malspam distributing HawkEye:

HELO: gl-host101.tenten.cloud
Sending IP: 150.95.111.186
From: KASIKORNBANK PCL <tradefinance@kasikornbank.com>
Reply-To: infu25@gmail.com
Subject: DETAIL OUTSTANDING REPORT from KBank (METECNO PANNELLI(THAILAND))[062514170]
Attachment: 98764737722.PDF.z (contains "98764737722.PDF.exe")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-28 14:27:06 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

z 54edef0dfb1a046fb1afaa3517c7092b3e2a458f1c875906388b2d292cb96690 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
