MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93b16ee22ee7c8a77ac718a118ac29d3f726d916e3be8c451ee1c9b3708ef0b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93b16ee22ee7c8a77ac718a118ac29d3f726d916e3be8c451ee1c9b3708ef0b2
SHA3-384 hash: 312a00919c1778dd23f324ecfe755d5b3df3f67fa70e5b889e4eb816ddf570251314b6c9fa89754d6322006bc405e704
SHA1 hash: 105d23942126c1dfdc88a913e7ddad616450098b
MD5 hash: 1becde90b6a5d2bb4e315df9fed82c2a
humanhash: arizona-florida-mike-echo
File name:PO983627289.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:554'819 bytes
First seen:2020-05-20 08:44:04 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:JfcBP47pL+4kj1oL///SF18y3sJZyn8IWde3vmexcgt:F6P4py4GOb/qF18y3sfe0AmW
TLSH E0C4232D2C2EC988ED0860BD70970A6B0FB52C7B76C593F1A32753E7E250351BA6C567
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: 92-223-253-226.ip276.fastwebnet.it
Sending IP: 92.223.253.226
From: Christina <anfil@misya.it>
Reply-To: dh_derhawk@126.com
Subject: RE: PO#: EF17BA/0-00661
Attachment: PO983627289.zip (contains "PO983627289.exe")

HawkEye SMTP exfil server:
smtp.urban.co.th:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.2544.31831.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 09:36:13 UTC
File Type:
Binary (Archive)
Extracted files:
298
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=soyw5yro47eko6whdcqrrlbj2p3snwiw4o7iyri64he3g4eo6cza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 93b16ee22ee7c8a77ac718a118ac29d3f726d916e3be8c451ee1c9b3708ef0b2

(this sample)

HawkEye

Executable exe fce56056a7028ed4787e39d614c90e84804ad0dc03185a6532834564b10b7d5a

  
Dropping
MD5 c9ddd7789409993921f935f42e7fcf1a
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fce56056a7028ed4787e39d614c90e84804ad0dc03185a6532834564b10b7d5a

Comments