MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc880edd656ad588a0d728e56efa13eb0de71d9b4c50c737ad5f0b0b888ae39d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: cc880edd656ad588a0d728e56efa13eb0de71d9b4c50c737ad5f0b0b888ae39d
SHA3-384 hash: a519a9ff648a6391bfea9c97070fbc3b00159b26b6054b65487757e155b81c99b73362c0189a7f72599c5d6f656a907a
SHA1 hash: 01cb2a4a3ad772381aa7172e1767c923faaf4f6a
MD5 hash: 985b3cca189884e56354bff86d0a22ee
humanhash: sierra-summer-magnesium-missouri
File name: order06JUL20200076.zip
Signature: HawkEye
File size: 627'563 bytes
First seen: 2020-07-06 07:11:46 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:XyJQe4KPM3wrSdlKNZHN7rIOafnMgPR0g8vUoqqtBVsSF89v5E5D5x:iJQasw+dlKfRN3+onJxt5x
TLSH: 47D4237193344A5D50392736A57F1FD83CB46406326186A3B0BA246F1A89FF5EEB2D0F
Reporter: abuse_ch
Tags: HawkEye zip


abuse_ch
Malspam distributing HawkEye:

HELO: thunis.com
Sending IP: 111.202.203.220
From: Purchasing <sales@thunis.com>
Reply-To: dh_derhawk@126.com
Subject: RE:Order:723 4143300723+7418200723
Attachment: order06JUL20200076.zip (contains "order06JUL20200076.exe")

HawkEye SMTP exfil server:
webmail.tos-thailand.com:587

HawkEye SMTP exfil email address:
sudarat.k@tos-thailand.com

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-06 07:13:04 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip cc880edd656ad588a0d728e56efa13eb0de71d9b4c50c737ad5f0b0b888ae39d (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment

Comments