MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92c85e11f297d167ac13774cd32ae7106f11f295251be0983990b150a8e3b576. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 92c85e11f297d167ac13774cd32ae7106f11f295251be0983990b150a8e3b576
SHA3-384 hash: e44afa23f1b33981e5c039d1ab7dfc36f7485ad4a8d18b47317737e40b062413d0185c94216c2995088d0a2c7265a6ec
SHA1 hash: 4b798e87d2cbe2e93f35a3a8f3dfa2ee99e9c03f
MD5 hash: 833fd320bd8561f6b5a0d9edce0697f8
humanhash: single-mike-hotel-saturn
File name: Purchase Order_23011008_PDF.zip
Signature: HawkEye
File size: 1'377'621 bytes
First seen: 2020-06-19 06:36:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:lFtgAgw+VT6ClfnLmeS55zzZcH0n+QvfyX3rvBld6+XZj8W+gYNDIHd5:lFt+DVTYegZo0nfvfy7Bls/gYsd5
TLSH: 7555334401A62DAC0D176A505983B93DCB172254F00BC7DA9F3E87EA97A19E9FC406FF
Reporter: @abuse_ch
Tags: HawkEye, Yahoo, zip


Twitter
@abuse_ch
Malspam distributing HawkEye:

HELO: sonic304-56.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.128.31
From: Chandigarh Hydraulics Company <chd_hyb@yahoo.com>
Subject: Fw: ADITYA PO.
Attachment: Purchase Order_23011008_PDF.zip (contains "Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE")

HawkEye SMTP exfil server:
outback.websitewelcome.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 32
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.AitInject
Status: Malicious
First seen: 2020-06-19 06:38:04 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: HawkEye
This sample: zip 92c85e11f297d167ac13774cd32ae7106f11f295251be0983990b150a8e3b576
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments