MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 851a765508e1ababa0c06808116d34e51d75599129b9df3288ba3d35e160dc75. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 2


SHA256 hash: 851a765508e1ababa0c06808116d34e51d75599129b9df3288ba3d35e160dc75
SHA3-384 hash: aca171722ab9703136744043ffb12e06fcf59569c990926dfb17add1a08a3c87f59fc9842d650ea661f83bac8c588f03
SHA1 hash: 480e6828dcc42192b53442bf15c21003a4f47220
MD5 hash: c9818f19dd013b0c7c37d0eea55f8ab6
humanhash: golf-pasta-texas-batman
File name: Bank_Payment.zip
Signature: HawkEye
File size: 547'154 bytes
First seen: 2020-05-27 12:09:23 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:a/e/cj/o61QxmcJFz7OBDmvKljRi3h/yRaU74sa+zhuD5B78XDoC:TM3ax1JFZsNi31MaUsW1uD5BgXX
TLSH: 47C423690672190E70AF37B28EB642744C65F59ED2DBB13D8369014C9BA640FF2FC267
Reporter: abuse_ch
Tags: HawkEye WellsFargo zip


Comment by abuse_ch:
Malspam distributing HawkEye:

HELO: server1.lightage.it
Sending IP: 217.64.202.154
From: Wells Fargo USA <Payment@wellsfargo.com>
Reply-To: mark@zoomwebmedia.com
Subject: Re: PAYMENT.
Attachment: Bank_Payment.zip (contains "Bank_Payment.exe")

HawkEye SMTP exfil server:
server165.web-hosting.com:26

Intelligence

File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Barys
Status: Malicious
First seen: 2020-05-27 12:36:22 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
HawkEye
zip 851a765508e1ababa0c06808116d34e51d75599129b9df3288ba3d35e160dc75 (this sample)
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment