MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6266401f72539a6707cd55f3e277f6f878e8826af0f2944f7538319c08adc9e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6266401f72539a6707cd55f3e277f6f878e8826af0f2944f7538319c08adc9e7
SHA3-384 hash: 302eab8a5eddce2134658cac1c2a0cf496e8b29192f5c1340783e415fc88ebe984beadbc7a409b27bf5e8bafde98cdbe
SHA1 hash: 2109b928061ca389f3be6eaebd6666ee03c21b19
MD5 hash: 07abf95ae5c7387affd9db666006536a
humanhash: may-winter-october-johnny
File name: Y30000002.exe
Signature: HawkEye
File size: 2'294'784 bytes
First seen: 2020-03-16 06:52:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d95adbf13bbe79dc24dccb401c12091
ssdeep: 49152:cVg5tQ7aRaZYNl0VJXxlW3/u0RInikBIEVrprmC/yC5:mg56lZYAhc3/dIaEVrsCq
TLSH: EDB5011363DE8364C3B25273BA667B41AE7F782546B1F86B2FD4093DF820521521EA73
Reporter: @cocaman
Tags: exe HawkEye

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: US

Mail intelligence
Geo location: CH Switzerland
Volume: Low
Geo location: Global
Volume: Low
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-16 08:52:38 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Threat name: Unknown
Score: 1.00

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_HawkEye_Keylogger_Gen_Dec18
Author: Florian Roth
Description: Detects HawkEye Keylogger Reborn
Reference: https://twitter.com/James_inthe_box/status/1072116224652324870

Rule name: win_hawkeye_keylogger_g0
Author: Various authors / Slavo Greminger, SWITCH-CERT

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

Executable exe 6266401f72539a6707cd55f3e277f6f878e8826af0f2944f7538319c08adc9e7 (this sample)

Delivery method: Other
