MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91b3241c870de07301b5980edb287ae54c57651c4b91bf8f0cb5fcb5113c3f4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 3


SHA256 hash: 91b3241c870de07301b5980edb287ae54c57651c4b91bf8f0cb5fcb5113c3f4d
SHA3-384 hash: 55c3d663f75bdb088eb105c992d11c9e3b0171475be166069dfa418d81a7aba30deb8ce0b1d9bf776d666cb3500ab487
SHA1 hash: 74c6f1e278ace3677555b354a05fdffcffc76ddd
MD5 hash: 43cc132c9a9bfa077416a85721112061
humanhash: alaska-foxtrot-mexico-pip
File name: Order_RFQ.img
Signature: HawkEye
File size: 1'376'256 bytes
First seen: 2020-05-01 11:08:23 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:7XR30fs2hSqhdclDL07ip0rK/dqe9PR+5Xpbw/7jwjGdQqV5CwgI4wGHmbMilY:RyB5mai+rxeT+5Xp8/7kj27g/bI
TLSH: D355E08CFBD18827DE524639C567BD804B37AEF0594EA2CE25EA74618F73BA05D005BC
Reporter: abuse_ch
Tags: HawkEye img


abuse_ch
Malspam distributing HawkEye:

HELO: ira.com
Sending IP: 173.82.119.46
From: C.S. Kim (김창식 부장) <ianchoi@daelimcorp.co.kr>
Subject: Request for NDA prior to RFQ / CpChem USGC II project.
Attachment: Order_RFQ.img (contains "Order_RFQ.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-05-01 06:26:20 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  HawkEye
    img 91b3241c870de07301b5980edb287ae54c57651c4b91bf8f0cb5fcb5113c3f4d (this sample)

Dropping: HawkEye

Delivery method: Distributed via e-mail attachment

Comments