MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a59c372fb9eb877ba20377d45cb74dcdb23cf4ed0436f6baeb1afea51894950. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 4



SHA256 hash: 1a59c372fb9eb877ba20377d45cb74dcdb23cf4ed0436f6baeb1afea51894950
SHA3-384 hash: caa7de4674657fdeeaaa313f4d9bde1b941fef940dffbf8e997273026d51959b99999a00ec9c44661b202f6779528895
SHA1 hash: 7d02bac04c6c27ed1b98c2b81c5e68ecec11bbf3
MD5 hash: d902ecfee062f36b7694c9de2edd98d3
humanhash: hamper-winner-video-nine
File name: 1a59c372fb9eb877ba20377d45cb74dcdb23cf4ed0436f6baeb1afea51894950
Signature: HawkEye
File size: 489'312 bytes
First seen: 2020-06-10 11:40:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep: 12288:VYV6MorX7qzuC3QHO9FQVHPF51jgc1Gd6hVXjnhq:KBXu9HGaVHHVzhq
Threatray: 879 similar samples on MalwareBazaar
TLSH: 49A423C16FF66224E4F32BB2AD7921206922BCE5E675D38D1164A81D9C2BF40DD32773
Reporter: JAMESWT_WT
Tags: HawkEye

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.AutoitInject
Status: Malicious
First seen: 2020-06-06 23:42:37 UTC
File Type: PE (Exe)
Extracted files: 21
AV detection: 36 of 48 (75.00%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:njrat evasion persistence trojan upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Drops startup file
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
