MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13f51d450568dc6ee7223eb76584d17417a2ef85141e74720445cfba0b10ad5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 13f51d450568dc6ee7223eb76584d17417a2ef85141e74720445cfba0b10ad5d
SHA3-384 hash: abbb9b7ff5b5e05938c171e785f9e4a3321f1c4036dbea2f867045dcf742236062528171e19e881b53279693a875517a
SHA1 hash: 417553ee661efb459276135ba8be80dbbbed2466
MD5 hash: 34605433544389bfeaf0e04aa02d9bd8
humanhash: idaho-arizona-stairway-three
File name:WORLD HEALTH ORGANIZATION_PDF.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:2'340'864 bytes
First seen:2020-03-20 13:13:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3d95adbf13bbe79dc24dccb401c12091 (881 x AgentTesla, 737 x FormBook, 236 x SnakeKeylogger)
ssdeep 49152:wVg5tQ7a5nf8hcV5qIP9A5K7Cjqt5sbAQyUA458Vzo0hbOX7XR5:Sg56o0hcyLK7BtKvO4L04X7X
Threatray 1'021 similar samples on MalwareBazaar
TLSH 27B5022263DD8364C7726273BA25B701AEBB7C2506B5F46B2FD4093DF860162521EB73
Reporter c_APT_ure
Tags:HawkEye WHO

Intelligence

File Origin
# of uploads :
1
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-17 01:03:49 UTC
AV detection:
27 of 30 (90.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cp2r2rifndog5zzch23wlbgroql2f34fcqphi4qeixh3ucyqvvoq._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
50a0367e0dc806e22c71c7bfcfe9c2446b47dbb7dbba35d0de812e2803d33461
HawkEye
6266401f72539a6707cd55f3e277f6f878e8826af0f2944f7538319c08adc9e7
HawkEye
741febccfd91941af665d987210589f9c41f6653b6fc9422e3947fd4ce38926f
HawkEye
7692814b7832870abfa685010cc5bc5dd2c1f442ac5e8ca657e9b47e1c95c9bb
HawkEye
7db768647d7ac5cd4d5f4fe623b1d8e5b4f9832d6d5c9416007e62da115005d9
HawkEye
b97c07956f3a215d26bd24049ede64222b5395669ee81aee5e50e21ea708c6c0
HawkEye
d1ec926da7d3cb92aa79752572c43baadb5241d7acae7f6ba3dea776c95c7a8c
HawkEye
efae5ec231c8b0480b191a116e802f713d2a48721d51dea33a904e38d323faa1
HawkEye
f248fe6c9b2b30dad7c57fb0c6e6eb65a1db3b57d5825df4baf1d746a538de9b
HawkEye
f46f7af124b25fff7a984b802bfa9f1f01f1efcc3416221aa9b6254150ac9667
HawkEye
+ 1'011 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/13f51d450568dc6ee7223eb76584d17417a2ef85141e74720445cfba0b10ad5d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

Executable exe 13f51d450568dc6ee7223eb76584d17417a2ef85141e74720445cfba0b10ad5d

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::AllocateAndInitializeSid
ADVAPI32.dll::CopySid
ADVAPI32.dll::FreeSid
ADVAPI32.dll::GetLengthSid
ADVAPI32.dll::GetTokenInformation
ADVAPI32.dll::GetAce
COM_BASE_APICan Download & Execute componentsole32.dll::CLSIDFromProgID
ole32.dll::CoCreateInstance
ole32.dll::CoCreateInstanceEx
ole32.dll::CoInitializeSecurity
ole32.dll::CreateStreamOnHGlobal
MULTIMEDIA_APICan Play MultimediaWINMM.dll::mciSendStringW
WINMM.dll::timeGetTime
WINMM.dll::waveOutSetVolume
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AddAce
ADVAPI32.dll::AdjustTokenPrivileges
ADVAPI32.dll::CheckTokenMembership
ADVAPI32.dll::DuplicateTokenEx
ADVAPI32.dll::GetAclInformation
ADVAPI32.dll::GetSecurityDescriptorDacl
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteExW
SHELL32.dll::ShellExecuteW
SHELL32.dll::SHFileOperationW
WIN32_PROCESS_APICan Create Process and ThreadsADVAPI32.dll::CreateProcessAsUserW
KERNEL32.dll::CreateProcessW
ADVAPI32.dll::CreateProcessWithLogonW
KERNEL32.dll::OpenProcess
ADVAPI32.dll::OpenProcessToken
ADVAPI32.dll::OpenThreadToken
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::SetSystemPowerState
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetDriveTypeW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateHardLinkW
IPHLPAPI.DLL::IcmpCreateFile
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameW
ADVAPI32.dll::GetUserNameW
ADVAPI32.dll::LogonUserW
ADVAPI32.dll::LookupPrivilegeValueW
WIN_NETWORK_APISupports Windows NetworkingMPR.dll::WNetAddConnection2W
MPR.dll::WNetUseConnectionW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegConnectRegistryW
ADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::BlockInput
USER32.dll::CloseDesktop
USER32.dll::CreateMenu
USER32.dll::EmptyClipboard
USER32.dll::FindWindowExW
USER32.dll::FindWindowW

Comments