MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adf98a8e1e9abfd944d6fdf430a0add5cec39059d84fba45e480b997e935cacb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: adf98a8e1e9abfd944d6fdf430a0add5cec39059d84fba45e480b997e935cacb
SHA3-384 hash: ce038e3215abcbacc785000d87778bc9a229a8f7d0e2981773fa24eaa08add9c05a4a288bad553558b086de5e5ebb475
SHA1 hash: 5c3db0b83ffc9932029677f2fc2d6621204901d5
MD5 hash: 7e9c8313d8ad1ddc62a39f91b870a9bb
humanhash: potato-kitten-paris-nebraska
File name:DHL76890640520.PDF.z
Download: download sample
Signature HawkEye
Create hunting rule
File size:639'160 bytes
First seen:2020-05-13 07:13:56 UTC
Last seen:Never
File type: z
MIME type:application/gzip
ssdeep 12288:VHvBNzjsS0lmkx5YyzuAxifsPL3oMt6wAZhxOHL3QT2pJYfogp0L:VHvBNH0lmk5nMcL3Xt69xSLm2pJYO
TLSH EAD43393EBF56AB7C6212FDB08C01F1F07E5D1E3B5D9B43390306AE5166A41BA4E5E10
Reporter abuse_ch
Tags:DHL HawkEye z


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: gl-host101.tenten.cloud
Sending IP: 150.95.111.186
From: China DHL Express <consignments-notification@dhl.com>
Reply-To: dhlhr@dhl.com
Subject: RE: DHL单号 Shipment Delivery
Attachment: DHL76890640520.PDF.z (contains "DHL76890640520.PDF.exe")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.W32.Trojan3.APDS.16897.29180.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 07:01:38 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vx4yvdq6tk75srgw7x2dbifn2xhmhecz3bh3urpeqc4zp2jvzlfq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

z adf98a8e1e9abfd944d6fdf430a0add5cec39059d84fba45e480b997e935cacb

(this sample)

HawkEye

Executable exe 866e522886833782a25f4c9cdb823a29f3a4d1e8b26eef03ed271af7b991eae5

  
Dropping
MD5 d1b3288580e86d71d130c0646161f357
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 866e522886833782a25f4c9cdb823a29f3a4d1e8b26eef03ed271af7b991eae5

Comments