MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b266a34dddaf82c977075bd77228922021eb92685badb4417745e1cbe005873d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: b266a34dddaf82c977075bd77228922021eb92685badb4417745e1cbe005873d
SHA3-384 hash: 17fb1966720a132d8a90f83a56ebd93b39288ecf001b391f2d0c183e414f59d63aa5a70c0cc328e8c64a163fd1fbec4d
SHA1 hash: 8112b8767569effbf745b40039d557925667be7e
MD5 hash: 664e00a8de4bc8a6685cbb1ed12e6ff8
humanhash: alaska-berlin-diet-five
File name: INBL Draft Original Shipping Document.rar
Signature: HawkEye
File size: 1'119'340 bytes
First seen: 2020-06-02 09:36:24 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:MYE5B6FQUVYCynyTeqdAl9Rm8RH+Qk640v9l2:naB6uUVYzn7qdAl9oZ6hz2
TLSH: 833533569B2F2AC1F1E7EA305B97E1864C32211CC84776DAF2EDE5B257BC3584B48213
Reporter: abuse_ch
Tags: DHL HawkEye rar


abuse_ch
Malspam distributing HawkEye:

HELO: ns1.suncoastpkg.pw
Sending IP: 139.59.61.226
From: DHL AWB Shipment<dhlexpress@express.com>
Subject: DHL Shipment Details :BL/AWB DETAILS (AWB2058917205)
Attachment: INBL Draft Original Shipping Document.rar (contains "IN&BL Draft & Original Shipping Document.exe")

HawkEye SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-02 10:37:15 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

rar b266a34dddaf82c977075bd77228922021eb92685badb4417745e1cbe005873d (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
