MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7babe2e4cc9c55fe28dab2b99b0800e83de9c736fd0da96c1e37fe2f1ed5592a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 4



SHA256 hash: 7babe2e4cc9c55fe28dab2b99b0800e83de9c736fd0da96c1e37fe2f1ed5592a
SHA3-384 hash: 548a7b08bfa1c880c74a6d61588015a0b80e14e4b84fc6694ba563c7e0edf8b765123fd4656874696f0b85ec10f1d5d2
SHA1 hash: faba97ebe6862aebc5f3a777140757df1692917b
MD5 hash: ade956bb79b799bd247b713dab3a13b2
humanhash: crazy-mango-bacon-equal
File name: Payment Advice 80642111.r00
Signature: HawkEye
File size: 700'612 bytes
First seen: 2021-02-24 06:25:33 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:51U/DFqT9tUshzE4PM2yiKTqOk0OpqcK02iqTO8/R:3SFuroUTyiKTr6fK0vqCgR
TLSH: 42E4234C4DC86933297958D6EC22FC4132B0C6A4C187295F1CA9F9BEB6BED32E95F540
Reporter: cocaman
Tags: HawkEye r00


cocaman
Malicious email (T1566.001)
From: ""Anil Account" <anilg@herculesequipments.com>" (likely spoofed)
Received: "from herculesequipments.com (unknown [45.137.22.101]) "
Date: "23 Feb 2021 10:07:29 -0800"
Subject: "Receipt of Payment Advice Details"
Attachment: "Payment Advice 80642111.r00"

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-23 10:53:23 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

r00 7babe2e4cc9c55fe28dab2b99b0800e83de9c736fd0da96c1e37fe2f1ed5592a

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: HawkEye
