MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6abdfcff364bdc1394db18041c39a227cbb1ae3f20b93a88c489256bb945ae6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6abdfcff364bdc1394db18041c39a227cbb1ae3f20b93a88c489256bb945ae6b
SHA3-384 hash: 7fa95d767a7cfa8073ea83b39d45d60d296ad884702cdc2afb665b3918dc64c86a6f895ffc1beb3f79d098251425d366
SHA1 hash: f2d75818448ba13c94ae1516a9eb7091b5fc3d56
MD5 hash: 02b5d61f0b03d2d79b3bf30f31c3ca47
humanhash: iowa-whiskey-saturn-edward
File name:po9076.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:553'181 bytes
First seen:2020-05-22 08:45:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:hLt7aj/zZNkgrml1yYwo/JpMdKWPrqUoJBKW3wKu:LGXnivco/JwKWDqUwnu
TLSH 02C423411AD80B4CBBB84D17EB689B6C14F9369547CE58E39E94F2DA04A204FFE35E0D
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: bizsmtp3.net4india.com
Sending IP: 118.67.248.95
From: Christina <info@indiarecruit.com>
Reply-To: dh_derhawk@126.com
Subject: RE: PO#: EF17BA/0-00661
Attachment: po9076.zip (contains "po9076.exe")

HawkEye SMTP exfil server:
smtp.urban.co.th:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 09:36:03 UTC
File Type:
Binary (Archive)
Extracted files:
307
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 6abdfcff364bdc1394db18041c39a227cbb1ae3f20b93a88c489256bb945ae6b

(this sample)

HawkEye

Executable exe eecbe758a692cc70ab127dc524c1b63d687c875795ebc6a62145f58686da0c71

  
Dropping
MD5 d001002441f43caca2644e9a3f8d9ec3
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eecbe758a692cc70ab127dc524c1b63d687c875795ebc6a62145f58686da0c71

Comments