MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 beb17eb6d2b1562f9e824dc20f9a9550a3650eaac28c17b9ca6494e3f9b7c2aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: beb17eb6d2b1562f9e824dc20f9a9550a3650eaac28c17b9ca6494e3f9b7c2aa
SHA3-384 hash: e7a7a8beb882ac373e418c9a7a1fa0e2863afa4cfa623dd30d095555988adc4f351105afbfdc808279c40122918d29df
SHA1 hash: 59a117b12a6d53a5d78883a6d653c5e9518a197d
MD5 hash: 4a1b694c83e57dc998f13094097dd2f4
humanhash: texas-seventeen-mango-zulu
File name: COVID-19 SİPARİŞİ 49652.7z
Signature: HawkEye
File size: 1'698'633 bytes
First seen: 2020-05-04 20:27:01 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 49152:euhX8w7dkmFQRDF6H7DAGOg+Nmj0Bb5TTVgNFKtI:RpT7daifA3Vm4LTGNZ
TLSH: B67533ACCD0B150850766B279A0C5A5DF16C8FD4DAA8ECB3CF1B2A68B55CE39F420D71
Reporter: abuse_ch
Tags: 7z COVID-19 geo HawkEye TUR


abuse_ch
Malspam distributing HawkEye:

HELO: server.linux69.papaki.gr
Sending IP: 88.99.0.236
From: Fredrik Lingeskog <fredrik@svenskalager.se>
Reply-To: Fredrik Lingeskog <dustiutd12@hotmail.com>
Subject: COVID-19 SİPARİŞİ (MASKE, EL DEZENFEKTANI VE LATEKS ELDİVENİ)
Attachment: COVID-19 SİPARİŞİ 49652.7z (contains "COVID-19 SİPARİŞİ 49652.exe")

HawkEye FTP exfil server:
ftp.kassohome.com.tr:21

HawkEye FTP exfil user name:
bringlogs@kassohome.com.tr

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Script-AutoIt.Trojan.Injector
Status: Malicious
First seen: 2020-05-04 20:36:02 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip beb17eb6d2b1562f9e824dc20f9a9550a3650eaac28c17b9ca6494e3f9b7c2aa (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
