MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e04b0f0f29f7ca5b7620d63d7d36a64db43f6d922aab01030f4f70300b97580. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 4



SHA256 hash: 6e04b0f0f29f7ca5b7620d63d7d36a64db43f6d922aab01030f4f70300b97580
SHA3-384 hash: 4f00e611dc617f2fc154bde944dc2170dd944f8da353b9d6e774049aef164e8766767d909417da22db3cf0c0a34df2e3
SHA1 hash: 0c06f0fad901c2138d1a6ec5df7321e72d4b1aa5
MD5 hash: 46a7984b969b757a5df89ed618e177c4
humanhash: north-pluto-november-london
File name: 103002994-05102020.PDF.z
Signature: HawkEye
File size: 579'603 bytes
First seen: 2020-10-05 11:53:11 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:ONiL+2uAtKBLsVaZLPKfV3Te1Q0OYEYMGz13Kjqd:ONi5TgFsC7K930OYRMGFKi
TLSH: 71C423029A565B2AF8FC48EC6C126BF6CDC16788A4B773CE298F54341F059F1C6296D8
Reporter: abuse_ch
Tags: Endurance HawkEye z


abuse_ch
Malspam distributing HawkEye:

HELO: 192-254-222-104.unifiedlayer.com
Sending IP: 192.254.222.104
From: K-eDocument <tradefinance@kasikornbank.com>
Reply-To: adcim.llc@gmail.com
Subject: Remittance Advice - Payment Doc. No 2000062831
Attachment: 103002994-05102020.PDF.z (contains "103002994-05102020.PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-10-05 07:08:17 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

z 6e04b0f0f29f7ca5b7620d63d7d36a64db43f6d922aab01030f4f70300b97580 (this sample)


Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments