MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad1961225cde968578df746b8922d0415c0ce69339868b17825b3fbdaf3d0044. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ad1961225cde968578df746b8922d0415c0ce69339868b17825b3fbdaf3d0044
SHA3-384 hash: 6dae24c7e05f9a5470db21ac20d134141fb054dc07bd1df3dd4ab022619cd14377b4d6de9f67a053dba9d62cae7f2434
SHA1 hash: 466bb4c97b780842d5b259b98ec0e158c3db1760
MD5 hash: 4f37c38d995206891778a0c917d99a7d
humanhash: iowa-mango-apart-mississippi
File name:Payment_Copy.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:583'824 bytes
First seen:2020-06-02 06:42:47 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:2A38/myt1ErbcqXsiPpbvMXBP/5DDybGpKqTHOg3Z15qbND+jQ3r5w3:2fOytq8qXsiPpbkBnoVqbZZ1ADMQb5w3
TLSH 50C42316A28190CA85BD79D613F01123675B3E2EC4C3CA70B8EF95A7513F1ED8858CBB
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: park-mx.above.com
Sending IP: 103.224.212.34
From: Xoom Technologies Inc. <job6@italos.gr>
Subject: Re: PAYMENT.
Attachment: Payment_Copy.zip (contains "Payment_Copy.exe")

HawkEye SMTP exfil server:
server165.web-hosting.com:26

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Mbt
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 18:41:57 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vumwcis432lik6g7orvysiwqifoazzuthgdiwf4clm733lz5abca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip ad1961225cde968578df746b8922d0415c0ce69339868b17825b3fbdaf3d0044

(this sample)

HawkEye

Executable exe d865fdf5282a3217fe6550a2667c9f90c3a3244038cb9b9998a0062304deaa30

  
Dropping
MD5 2ee74e80c998c5573d10ddfcc5da2393
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d865fdf5282a3217fe6550a2667c9f90c3a3244038cb9b9998a0062304deaa30

Comments