MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a13d1072f333489eefdc9cb88613608314c044b2e3187e227ee1628c3942ccf8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: a13d1072f333489eefdc9cb88613608314c044b2e3187e227ee1628c3942ccf8
SHA3-384 hash: 4935f9d9d2aedf167aed6332ef7b04c9aa9a8c4d1e2134ab5bd1390f95d026acea9068be965b4faafdbed5c09702b329
SHA1 hash: 4842f095f105813e456a2f418f719b7bb843b8b4
MD5 hash: 883ae301946f0c4ed4907a5c8084b554
humanhash: uranus-idaho-maryland-emma
File name: Purchase Order_23011008_PDF.zip
Signature: HawkEye
File size: 1'377'251 bytes
First seen: 2020-06-18 11:10:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:Xbsh+wUWbZ5ALQhoeSVnTSUIviUqQDm+IbpIz7I28B5mz4/AS9VNiAhU:rshZjbZKL+oerlBmNLTB5mz6ir
TLSH: E3553350C3E87F397DA5D86F03A19E26641FBFD1D24674EA4EACB2AD06B17A0504C839
Reporter: @abuse_ch
Tags: HawkEye Yahoo zip


Twitter (@abuse_ch)
Malspam distributing HawkEye:

HELO: sonic301-47.consmr.mail.sg3.yahoo.com
Sending IP: 106.10.242.110
From: Jakir Kamate <rahilenterprises7@yahoo.com>
Reply-To: Jakir Kamate <rahilenterprises7@yahoo.com>
Subject: Re: PO
Attachment: Purchase Order_23011008_PDF.zip (contains "Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE")

HawkEye SMTP exfil server:
outback.websitewelcome.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 38
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.AitInject
Status: Malicious
First seen: 2020-06-18 11:36:07 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery: Malspam
Malware family: HawkEye
Sample: zip a13d1072f333489eefdc9cb88613608314c044b2e3187e227ee1628c3942ccf8 (this sample)
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
