MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 073c3d60993b41a1ea5847c06dab48a4bf4e3da87e74d26d8d51a1c11e0dae0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 073c3d60993b41a1ea5847c06dab48a4bf4e3da87e74d26d8d51a1c11e0dae0c
SHA3-384 hash: f81346e1614102826b22bbca1bdfb37b9642093bf0e7811aa223633d79545e3750c8432f9d990755cad2ec367e1961ad
SHA1 hash: 3c368f32acd757593fc88bf170d83093931036f6
MD5 hash: c610413e42d6a5b3bee1fd9f1d0b566b
humanhash: ceiling-carbon-speaker-august
File name:Order-LIB-V-073D20-63433-pdf.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:693'284 bytes
First seen:2020-06-04 05:10:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e92fa7ccd490db33ccf0235eae4258bb (3 x AgentTesla, 2 x Loki, 1 x HawkEye)
ssdeep 12288:b6+mn9A32uu5hZqBnxeu5cfM+BIjvTxGKUlOtzz1Lww40nOOgV0VzZa:b6d97ZMmNgTBJ1oQyV1
Threatray 2'230 similar samples on MalwareBazaar
TLSH 4DE46D22FAA0443ED97317399C9B93F49C2ABE207D34B9863BE4DD4C5E346913935293
Reporter jarumlus
Tags:HawkEye

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 07:22:16 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=a46d2yezhna2d2syi7ag3k2ius7u4pnipz2ne3mnkgq4chqnvyga._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
0cad6de93886014f460477497c10b086c05531b368f9f7dd7ebab4c6d18fc53a
HawkEye
52054471a155edf2779e397464d81796b16de9f44476388591dd91a9ce136df2
HawkEye
69f0b47ce8a9aea88c84a436e06a6569715461960f48fa5b10af6b7ae0b94202
HawkEye
6afe88a410a038c2e304fc192e0a17cf78d93f21075029fcc35d510eb7e5c702
HawkEye
6d415497a3d0845048c1ccafb82bf70283dd6976dbabb8f1cf639b9780571a40
HawkEye
7501745bfca00a30575e2ea4219b88ef3d4b19ff684deefce5c50d329f9bfc51
HawkEye
7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673
HawkEye
7fbbc53861d27c037953d846e4726b3e2f0a1a1b2508128ee400b138aeb1f3ce
HawkEye
923d6f2e83a74acdd4e501f42f737b720ab266e1ed7312994bd99e259bd15464
HawkEye
d7b266bb9eacabd128560d80eea9195b42b227df16d460f1c0e13ed6575ca627
HawkEye
+ 2'220 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware upx
Link:
https://tria.ge/reports/201109-fn4fn25b32/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads user/profile data of web browsers
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 8b52bb791c43dd21b1e3fb57114864d4982ee2da7ed8506dae39b0c266842062

HawkEye

Executable exe 073c3d60993b41a1ea5847c06dab48a4bf4e3da87e74d26d8d51a1c11e0dae0c

(this sample)

  
Dropped by
MD5 da069316aed5c5c00238009d157614e9
  
Dropped by
SHA256 8b52bb791c43dd21b1e3fb57114864d4982ee2da7ed8506dae39b0c266842062
  
Delivery method
Distributed via e-mail attachment

Comments