MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e49425565db9104f29683f45bc120dbb71a977ac4772e0930c951eabb8c69ca6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e49425565db9104f29683f45bc120dbb71a977ac4772e0930c951eabb8c69ca6
SHA3-384 hash: d50b3cc43bed7bbdfa540ebc2f9a52232802e54f3cab59bc557a58f96ed201d4f3b147de50604b4d4d9488b3e548237b
SHA1 hash: c3ce0756a4aba7858f35bcc8a701e2898745a054
MD5 hash: b7010fcfa7c8304028e5586a0bdc8253
humanhash: red-cat-finch-item
File name:ORDER120820208899444.zip
Download: download sample
Signature HawkEye
Create hunting rule
File size:602'787 bytes
First seen:2020-08-12 14:35:21 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:rpj21/I92GCoMCiF2hRWrByFF+5/+SDV+8sVjC8VYvAu+HAS9sVrtxd:rpjTC7CNQreF+RvhsNQAuDS6d
TLSH 17D4239599BDEBD21257BA756D807270B43C43DB989815C2EB3A52F3812BB2E403DCC6
Reporter abuse_ch
Tags:HawkEye zip


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: plesk02.nttcom.ms
Sending IP: 137.116.230.189
From: HEIMIR JĂ“NSSON <samplesales@joinwin.com.hk>
Reply-To: dh_derhawk@126.com
Subject: Re: Re: FACTURA 120004617-SPS-1726076
Attachment: ORDER120820208899444.zip (contains "ORDER120820208899444.exe")

HawkEye SMTP exfil server:
webmail.tos-thailand.com:587

HawkEye SMTP exfil email address:
sudarat.k@tos-thailand.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e49425565db9104f29683f45bc120dbb71a977ac4772e0930c951eabb8c69ca6/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 14:37:04 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4skckvs5xeie6klih5c3yeqnxny2s55mi5zobeymsupkxoggtsta._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e49425565db9104f29683f45bc120dbb71a977ac4772e0930c951eabb8c69ca6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip e49425565db9104f29683f45bc120dbb71a977ac4772e0930c951eabb8c69ca6

(this sample)

HawkEye

Executable exe 79b1e929f10bf44515921941df55c5d98f5cf82b2be8727c2ebb4291e664de81

  
Dropping
MD5 a6c06a940cf0d58e61a5963514ea8b80
  
Dropping
HawkEye
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 79b1e929f10bf44515921941df55c5d98f5cf82b2be8727c2ebb4291e664de81

Comments