MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbd1388b72727a7ef23b306479057657808e8ede481dc85cacbfa3b952304e45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: bbd1388b72727a7ef23b306479057657808e8ede481dc85cacbfa3b952304e45
SHA3-384 hash: 56d88218f3dc3e17184602ce6e3cc9db287bb0c44b827cda46913b76dd0f0b3bf570db73850fb43340aceea6c13974cf
SHA1 hash: b12fcc6df54357b91d4a77ba132384b4974da216
MD5 hash: e4df049ee0698673d956045f0773978f
humanhash: texas-saturn-november-hydrogen
File name: Payment_Slip.zip
Signature: HawkEye
File size: 439'739 bytes
First seen: 2020-05-13 10:57:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:czHP+dfveWDrGZ+Tgl6swHrU8xPBb1ULYiISiBeF:cz+dHfrGZbaL7febIlA
TLSH: 529423C709B559C9A1762FE87977CC74173057C5726A2A17C80EE2A29CF62497E832CC
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: mx2.bangla.net
Sending IP: 203.188.252.24
From: Xoom Technologies Inc. <br3937@bangla.net>
Reply-To: t-kawaguchi@comcell.co.jp
Subject: payment
Attachment: Payment_Slip.zip (contains "Payment_Slip.exe")

HawkEye SMTP exfil server:
server165.web-hosting.com:26

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Rdn
Status: Malicious
First seen: 2020-05-13 11:37:16 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 26 of 48 (54.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip bbd1388b72727a7ef23b306479057657808e8ede481dc85cacbfa3b952304e45 (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments