MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd267a5cbeaeb21d081f33ec9f2633d5e5cf94be993f094077472c93d09a265e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 3

SHA256 hash: dd267a5cbeaeb21d081f33ec9f2633d5e5cf94be993f094077472c93d09a265e
SHA3-384 hash: e7c8d56e99ddf3264df22bab74765e17f1dc24b26e481fe3541411e5dd4d165d2366df775c627201e7b367ff94ce722b
SHA1 hash: 601c7e4a575896e15746f2601b7f52032e602c14
MD5 hash: e51dd1fa96d57c1c5d48d0b332783684
humanhash: illinois-nebraska-violet-rugby
File name: 4111007645_050132020.PDF.z
Signature: HawkEye
File size: 639'496 bytes
First seen: 2020-05-13 06:55:50 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:MlzJfKteyzAeDzv1YVHOf03mY81MdJen8xVYo6cKL7yL56GaApCm3T9z/7AOmcMm:mzJyUOvmVW79n8so8vyLQyCm3R/cOBMm
TLSH: 01D4238D4740922C9DED3FC97D44150E3596E4862F2737EB3A169E2E8E9D87AF043722
Reporter: abuse_ch
Tags: HawkEye z


abuse_ch
Malspam distributing HawkEye:

HELO: MFGSourcing.com
Sending IP: 192.129.189.208
From: MGF Sourcing<AXu@MFGSourcing.com>
Subject: RE: Update All MGF purchased order for each style
Attachment: 4111007645_050132020.PDF.z (contains "4111007645_050132020.PDF.exe")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-13 07:37:07 UTC
File Type: Binary (Archive)
Extracted files: 296
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  HawkEye
    z dd267a5cbeaeb21d081f33ec9f2633d5e5cf94be993f094077472c93d09a265e (this sample)
      Dropping: HawkEye

Delivery method: Distributed via e-mail attachment

Comments