MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f05f2f98f03c814a6ddac55e071af66c3ce6209728bc3076029fe110114cbff4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 3



SHA256 hash: f05f2f98f03c814a6ddac55e071af66c3ce6209728bc3076029fe110114cbff4
SHA3-384 hash: 92315081138a2133a85cc037a20187a30c4f72f0768ca44557399bc12886406c50eb65d2e1d06993a1175f1cfbccfb44
SHA1 hash: 688f6fe58a321aa63e34d2b1c4fe04174673b542
MD5 hash: 423df63dfc7df7353ec209afcb8cf2f0
humanhash: carbon-papa-salami-lion
File name: DOC7645438_200420.PDF.z
Signature: HawkEye
File size: 499'080 bytes
First seen: 2020-04-20 15:16:31 UTC
Last seen: Never
File type: z
MIME type: application/gzip
ssdeep: 12288:76+shLGLj6+KlQVBhqdqxqCMtrEVooQsrSAexIhTejX:PshLblQVBhqdq4CMtQSsSFIhyjX
TLSH: FFB423C5EE78D1A497A7224297B1CBCBDF2800B324D2D46AE1386335ED13E2F68585F5
Reporter: abuse_ch
Tags: COVID-19 HawkEye z


abuse_ch
COVID-19 themed malspam distributing HawkEye:

HELO: who.int
Sending IP: 192.119.65.250
From: WHO-HQ<info@who.int>
Subject: WHO - Approved Coronavirus (COVID-19) Information
Attachment: DOC7645438_200420.PDF.z (contains "DOC7645438_200420.PDF.exe")

HawkEye FTP exfil server:
ftp.triplelink.co.th:21 (103.27.200.199)

HawkEye FTP exfil user:
NewLogsss@triplelink.co.th

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Heye
Status: Malicious
First seen: 2020-04-20 15:35:31 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

z f05f2f98f03c814a6ddac55e071af66c3ce6209728bc3076029fe110114cbff4

(this sample)

  
Dropping: HawkEye
Delivery method: Distributed via e-mail attachment
