MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9b809d4037f1529c8588bb47a3cffb7f9b84e757080fe85996dec9dc86d0e49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9b809d4037f1529c8588bb47a3cffb7f9b84e757080fe85996dec9dc86d0e49
SHA3-384 hash: 90de9b81fbbeda657ed8c297aedf305759df872629a0adf408fdd5c5a19ad6addbcc8b35fc2142778444daa4323e6f77
SHA1 hash: cb74070853ef3550dd7bb2b48f8a46bed9e9ddee
MD5 hash: 3e544232801396b10f5e6928cd05c7fe
humanhash: nineteen-october-washington-island
File name:RFQ-MFJO843.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:196'818 bytes
First seen:2020-05-05 07:34:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:qxf3c3ySNWHCPD0YSwQOASUN3HSnoUrQ2oJK25RL/rUTDY9DWkuwhQl5lBoM5MF:qxfhSQirEcADN3yoF5trqDlVNOIs
TLSH A1142331CF6E43871D1E18DA63DD36AF9B7B6001C80F5E96A8C1D3A15AD76188F4B50E
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: combytellc.com
Sending IP: 37.49.230.36
From: Eng. Wael Al Nahhas <sandeepgill@combytellc.com>
Reply-To: Email ADMIN <noreply@domain-admin.com>
Subject: RFQ PIPING & RISER
Attachment: RFQ-MFJO843.zip (contains "RFQ-MFJO843.exe")

HawkEye SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EJWF.10283.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 07:35:50 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xg4atvadp4kstscyro2huph7w743qttvocap5bmznxwj3sdnbzeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip b9b809d4037f1529c8588bb47a3cffb7f9b84e757080fe85996dec9dc86d0e49

(this sample)

HawkEye

Executable exe ba783a6dc1161f2de26ff815457e19aa6918ad4d6bc87f048bc00975ea4a210e

  
Dropping
MD5 9a28b54a34e64581f9eb823c2a2f8ba0
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ba783a6dc1161f2de26ff815457e19aa6918ad4d6bc87f048bc00975ea4a210e

Comments