MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72f96dc964db23cb32eea5f54f2b8971c869c7fd860be2c843e06857c3700175. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: 72f96dc964db23cb32eea5f54f2b8971c869c7fd860be2c843e06857c3700175
SHA3-384 hash: cb81571d9d87a01b964e7a6317801c37c8104da5fe2406224c8c05af04ccefcfe9a3b64430e36aeb3cdb3a49a211c29c
SHA1 hash: 0d4ab2b552acbdc7a0decc24a49c4c955d268f5f
MD5 hash: c3f73e4c96a3804d17417dd89c8bc154
humanhash: leopard-bacon-eighteen-hawaii
File name: Pagamento.zip
Signature: HawkEye
File size: 473'922 bytes
First seen: 2020-06-02 10:35:01 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:ZGzC8xL00EF55WdvDdRMUdNw6+ubrnSaiib2cmXa7T:Zdq5I55WJDdRNdxbTS7ib2cmXaH
TLSH: 67A42348D3DB96CB3A6D747D3C4E814F60AE5D4877DAF1B235A30D3DADB26A38102219
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

From: Bank Technologies Inc <office@eshoes.gr>
Subject: pagamento
Attachment: Pagamento.zip (contains "Pagamento.exe")

HawkEye SMTP exfil server:
server165.web-hosting.com:26

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-02 21:38:37 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 72f96dc964db23cb32eea5f54f2b8971c869c7fd860be2c843e06857c3700175 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments