MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a25bc737fa918f9299e2cef22882504acd249787fa9fa181b6a7ef044c0ee556. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 4



SHA256 hash: a25bc737fa918f9299e2cef22882504acd249787fa9fa181b6a7ef044c0ee556
SHA3-384 hash: 6c825a8ffc53816285dbe6ece473559a5a89a33dc6b19a445ce553a03a4c0cc21bd779f2a410e686106ffbfc9e49797f
SHA1 hash: 7b01b524aec1cc30a060fae2917839e5739d7fed
MD5 hash: 7350f0532cd05fd7c4c46a364221bf99
humanhash: magazine-winter-romeo-asparagus
File name: PO-1151.001
Signature: HawkEye
File size: 754'141 bytes
First seen: 2020-07-29 05:08:14 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:s56y4uGEUHRlJrQy1uXA8cvQ8rwixMjUjetn4TQnV+FImFetewmxP8K4zD++5tEX:w6duGEIDyyR8cv7wixMjhiO+OmFetg8s
TLSH: 90F42374DAC98FF4967EA85E124A322FBEC6A5F1ED0847C5506DAB86DCFC41981CB014
Reporter: abuse_ch
Tags: 001 HawkEye


abuse_ch
Malspam distributing HawkEye:

HELO: mail.2mlab.net
Sending IP: 195.43.191.138
From: prenota@missirini.it
Subject: RFQ - Inquiry
Attachment: PO-1151.001 (contains "PO-1151.scr")

HawkEye SMTP exfil server:
smtp.mail.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.MassLogger
Status: Malicious
First seen: 2020-07-29 05:10:09 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

rar a25bc737fa918f9299e2cef22882504acd249787fa9fa181b6a7ef044c0ee556

(this sample)

  
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
