MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a83a9b906a8a77218be1df25d4d140bf555a23016642ba07c0e37defbfbd2418. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a83a9b906a8a77218be1df25d4d140bf555a23016642ba07c0e37defbfbd2418
SHA3-384 hash: bb32983bb848d424e9535b952440f64a0db7b08525c75c7ed6cf2f43e58771de8d6a0d0b9337278bf8816ce63e58c630
SHA1 hash: 1c00a9bc4feb93424a16e288cc4c14ebbd0abe19
MD5 hash: 067168e469a61f3fceba2d04b2b013fe
humanhash: dakota-jig-purple-mobile
File name:RFQ.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:666'211 bytes
First seen:2020-10-12 05:55:30 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:4pjkFNtBKj0DilQRfjybSa6k1LNNaJNSnA+8JOKS4OxxDukgMg:ikFdKj0DilQRfjybSa9Naj4l8gKS3vSD
TLSH FEE4236C17A5DB806597796EB10D14FACBF58A8D89D8B0C51244B363C6EF3C482E68C3
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: altesoman.com
Sending IP: 107.173.40.220
From: For Al - Alalan Trading LLC (ALTES - LLC) <mangesh@altesoman.com>
Subject: RE: C & F price to Oman for below – as per your scope of supply
Attachment: RFQ.zip (contains "RFQ.exe")

HawkEye SMTP exfil server:
mail.eagleeyeapparels.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a83a9b906a8a77218be1df25d4d140bf555a23016642ba07c0e37defbfbd2418/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-10-11 22:37:44 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=va5jxedkrj3sdc7b34s5jukax5kvuiybmzblub6a4n667p55eqma._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
DealPly
Score:
0.40
Link:
https://yomi.yoroi.company/submissions/a83a9b906a8a77218be1df25d4d140bf555a23016642ba07c0e37defbfbd2418

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip a83a9b906a8a77218be1df25d4d140bf555a23016642ba07c0e37defbfbd2418

(this sample)

HawkEye

Executable exe 7dfdce0a99eabe706a8f617d20f54ab7c933fd0e702dffed576ea3d5d74aea9d

  
Dropping
MD5 d3689ea11f7f9e48dd6bad9d74f42ecc
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7dfdce0a99eabe706a8f617d20f54ab7c933fd0e702dffed576ea3d5d74aea9d

Comments