MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df613973c7709fb37e06ea2b6e63f08adcf17158de9d2fb362a46307b1c1644f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: df613973c7709fb37e06ea2b6e63f08adcf17158de9d2fb362a46307b1c1644f
SHA3-384 hash: 863eba06f8890ac3759d8dbfbe6bf9458043afdc8b5aaf3d01329f22ea7d28b4eb7628832e4737b72d21f53c33d8182d
SHA1 hash: d9cf637229a8ed1308651e695cbabed8c1af8453
MD5 hash: 57faee041b9e54a3e6df99df6b2597c0
humanhash: kansas-solar-tennessee-wolfram
File name: CoronavirusDiseaseCOVID-19..zip
Signature: HawkEye
File size: 835'259 bytes
First seen: 2020-03-28 09:08:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:f7V2z9MIbW4D+JYthXwoylkqInvMp+y1l:f74J7bWO+JYDylW++yz
TLSH: 1C0533315745D1EAB0EDF7221C84287042C7EAFA226ED1D3F6097CD3A01CA7C99A9F59
Reporter: abuse_ch
Tags: COVID-19, HawkEye, zip


abuse_ch
COVID-19 themed malspam, dropping HawkEye:

HELO: who.int
Sending IP: 185.208.211.173
Mail from: Tedros Adhanom <TedrosAdhanom@who.int>
Subject: RE: Coronavirus disease (COVID-19) outbreak prevention and cure update.
Attachment: CoronavirusDiseaseCOVID-19..zip (contains CoronavirusDiseaseCOVID-19..exe)

HawkEye config:
Version: 10.1.0.0
Mutex: 0646acc9-0a86-4da1-b5d5-2d5dd4ac5c7d
Email Username: info@leadasiacoaching.com
Email Server: mail.leadasiacoaching.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Llac
Status: Malicious
First seen: 2020-03-28 09:24:42 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 11 of 31 (35.48%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip df613973c7709fb37e06ea2b6e63f08adcf17158de9d2fb362a46307b1c1644f (this sample)

Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
