MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb60552c628dcc331ec4665723144d893e3f555fb2e495cfdf5057573d2d9188. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: cb60552c628dcc331ec4665723144d893e3f555fb2e495cfdf5057573d2d9188
SHA3-384 hash: f96ea7c1c2ad48651c73e0902e3a1d0007c6f51252a4b6b79582355883c67bb8f152e7c8a53ec79b8f17abfc1f8db8ec
SHA1 hash: 4ff36d6d292cdaa424c6dbbde83c421e9198dec5
MD5 hash: 6470f24509aa6ca3b678624fcedd73f6
humanhash: seven-blue-april-massachusetts
File name: Hesap Hareketleri 17-06-2020 pdf.rar
Signature: HawkEye
File size: 508'142 bytes
First seen: 2020-06-17 05:48:09 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:6oQSVvFo+LjR5D+r1Fa1W4pnYOsaNObdgFiOq:dQS/tjR5aF4uOsaN2+Fir
TLSH: 49B4234363942873E43F772867A8E1E4488A809F188EF74EDA4FD91742257BB0DE16D7
Reporter: abuse_ch
Tags: geo HawkEye QNBFB rar TUR


abuse_ch
Malspam distributing HawkEye:

HELO: lin4.teknikdata.com
Sending IP: 178.210.165.247
From: QNB Finansbank <email@email.qnbfinansbank.com>
Subject: QNB FINANSBANK - 69050134 no'lu hesabınızın günlük hareketleri
Attachment: Hesap Hareketleri 17-06-2020 pdf.rar (contains "Hesap Hareketleri 17-06-2020 pdf.exe")

HawkEye SMTP exfil server:
host25.safaricombusiness.co.ke:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.CryptInjector
Status: Malicious
First seen: 2020-06-17 05:50:06 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
HawkEye
rar cb60552c628dcc331ec4665723144d893e3f555fb2e495cfdf5057573d2d9188 (this sample)
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
