MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 674b6a15f88d56fd86dd661440f7ce0c1cd8a8c6e5d3b3a699f3f46b5d8d8e7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 674b6a15f88d56fd86dd661440f7ce0c1cd8a8c6e5d3b3a699f3f46b5d8d8e7d
SHA3-384 hash: 80db76bf45f1fa4b0469477904d7da2e671b16f81215e92cab8e0f7870f044fbe9123d2468d238fa37bafae07d8b01ba
SHA1 hash: 02cf7619a9a068ea2b5db440cbe92052dad5152e
MD5 hash: 04f1446f294db4431eff1d5d18bb912a
humanhash: mississippi-helium-michigan-summer
File name: order17062020BN77384.zip
Signature: HawkEye
File size: 600'864 bytes
First seen: 2020-06-17 10:16:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:QnVtAVzLvl7c17LtQs9fQuQaiZbL3FqLMmk6cjoiYH7mWdBGBpoVsHw:2ValCLlp/ip3Fv6cjoiq1wfoVCw
TLSH: A4D423DC96A05B2D66E3C0D2AD7D08E7E042670C338EC4F547AB096C09EE692DE6DD47
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: shmx.tama5cci.or.jp
Sending IP: 60.32.68.163
From: Purchasing Manager <info@tama5cci.or.jp>
Reply-To: dh_derhawk@126.com
Subject: Re:ORDER-04350316//4183000102292563
Attachment: order17062020BN77384.zip (contains "order17062020BN77384.exe")

HawkEye SMTP exfil server:
smtp.urban.co.th:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.FormBook
Status: Malicious
First seen: 2020-06-17 10:37:07 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 674b6a15f88d56fd86dd661440f7ce0c1cd8a8c6e5d3b3a699f3f46b5d8d8e7d (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments