MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7213a0e7dd5e84a4a65fdd506093770e59792c65637df354a266d4ee63a0fa65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 7213a0e7dd5e84a4a65fdd506093770e59792c65637df354a266d4ee63a0fa65
SHA3-384 hash: 2572a257181ddd1a321bb5570cc219e003294f160e836c0a7f9e7b4c1a95f24fec4eea684c15a056a2fe274db82f9565
SHA1 hash: 10bdd727582914da6852c66b8cfb6e6d866a7969
MD5 hash: 86f37b964b32061c8027e3332016082a
humanhash: maryland-zebra-spaghetti-ohio
File name: order15062020944758666.zip
Signature: HawkEye
File size: 613'493 bytes
First seen: 2020-06-15 12:21:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Gj8Yy3ohWriWsZVIO+d/L6OpXDQLif1BW1D7xdcdfUpH+JAbL6lKiWpi:8ryegiWsZVSW4u+Lwvxk0R2l7Wpi
TLSH: 4DD42323858F708D4D66D3DE5BAF92F9242B37B6032DE1E89198A34E4310DDEF04AD46
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: shmx.tama5cci.or.jp
Sending IP: 60.32.68.163
From: Purchasing Manager <info@tama5cci.or.jp>
Reply-To: dh_derhawk@126.com
Subject: RE:RE:REF# 200816:C1090068 R21-441450
Attachment: order15062020944758666.zip (contains "order15062020944758666.exe")

HawkEye SMTP exfil server:
smtp.urban.co.th:587

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-15 12:23:13 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 7213a0e7dd5e84a4a65fdd506093770e59792c65637df354a266d4ee63a0fa65

(this sample)

  
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
