MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59643cb09c6697e43bcb64c8ade22b23c0a95a5ef4106603ce2ead7551af4e20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	59643cb09c6697e43bcb64c8ade22b23c0a95a5ef4106603ce2ead7551af4e20
SHA3-384 hash:	361abdbb641141844b7a9bacbc30974bc94f52fd76a65a40fbb65e4d4cfca41eab0c859cda3a8f7dda34b6621be4efa5
SHA1 hash:	11f9fa602cfffe6f37073642e69e925b2038e261
MD5 hash:	475b1e4502023c5cc2a1fd977d7e3098
humanhash:	east-bulldog-vermont-oscar
File name:	BID ITB.zip
Download:	download sample
Signature	HawkEye Create hunting rule
File size:	698'404 bytes
First seen:	2020-10-15 12:05:37 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:IQrRwd4X1Xu5ZnqcYo+4rcc2iySoXXfFLnGzo7X0CD80pRBSS/d4yREX3ko22:IQrRwOXhuOWrHyZvtGkX1VpRx4qEkoT
TLSH	12E423C945D12497ECC7136EDC26F1DD8B52621E59222BCE6DEB990F626FBF102C7220
Reporter	abuse_ch
Tags:	HawkEye zip

abuse_ch

Malspam distributing unidentified malware:

HELO: serv.misrsteel.com
Sending IP: 138.201.220.106
From: CAROLINA SILVIA <info@saudiaramco.com>
Subject: RE :TENDER TITLE: OCTOBER MASSIVE DUALIZATION AND EXPANSION OF SAUDI ARABIA GOVERNMENT OWNED OIL AND GAS COMPANIES.
Attachment: BID ITB.zip (contains "BID (ITB).exe")