MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 571c7f087c4d981fbb5f55a5f496cc575220a3d6d036449fbfa22aabff30e751. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 2


SHA256 hash: 571c7f087c4d981fbb5f55a5f496cc575220a3d6d036449fbfa22aabff30e751
SHA3-384 hash: eec76ee845f640d11c3cc0c909bba122b47fb4fd95e69e83061ddd4046136a78df8915119957fa6204f32b02729b2895
SHA1 hash: 37b0b5317e87460deeb5f7317dae9a2045fe0d24
MD5 hash: 264a9ef1d8bee99ad5186bdf771f8b35
humanhash: mike-victor-edward-uncle
File name: DHL 90846662302020.PDF.z
Signature: HawkEye
File size: 560'815 bytes
First seen: 2020-05-28 07:42:31 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:yGNtih/sTYxcvGDzDJh72c3L4c7QB2zPSC7BnnpcROC4EIvq/eF7:FCtsT1AzDJ9Tr7xPDdpcROEeMeB
TLSH: 11C423EF3F6AB362F4B157D8A8D80000651A1EA7E0942C8C35A1567BDD133F2AD35B65
Reporter: abuse_ch
Tags: DHL HawkEye z


abuse_ch
Malspam distributing HawkEye:

HELO: gl-host101.tenten.cloud
Sending IP: 150.95.111.186
From: DHL | Express <consignments-notification@dhl.com>
Reply-To: dhlhr@dhl.com
Subject: RE: DHL单号 Shipment Notification
Attachment: DHL 90846662302020.PDF.z (contains "gunzipped")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 07:51:13 UTC
File Type: Binary (Archive)
Extracted files: 296
AV detection: 32 of 48 (66.67%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: HawkEye
  z 571c7f087c4d981fbb5f55a5f496cc575220a3d6d036449fbfa22aabff30e751 (this sample)

Dropping: HawkEye

Delivery method: Distributed via e-mail attachment

Comments