MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65ba735b51860a27d7b7880d4f3153ebb4817e162141ceb4624f4f10862d2cfa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 65ba735b51860a27d7b7880d4f3153ebb4817e162141ceb4624f4f10862d2cfa
SHA3-384 hash: a3fbe4df2a4895173de54f3586f3ed62c5879f6fe8fea755a9a202fcdd6666c59ef95650cb304d4d43fb3c492bc2d80e
SHA1 hash: 338740846660e26198c654c60adeee84c6e23b64
MD5 hash: a2aa0eb68dac3d9af868672964477355
humanhash: august-cat-five-avocado
File name:monjox.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:1'510'912 bytes
First seen:2020-06-10 18:41:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7d65399c5add7cb5e24be74fb6399173 (7 x AgentTesla, 1 x HawkEye)
ssdeep 24576:lpZm9/TXkFkZTdFBWwmMdHBY2FuUoJ7TbR0HmLEDTCuL/zq:9T6prL6UoJra6EDTCAzq
Threatray 2'148 similar samples on MalwareBazaar
TLSH 7A65C012E6D2E433C372363CBC1B5375B82ABEF02D29994627E58D4C5F3928139791A7
Reporter jarumlus
Tags:HawkEye MassLogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

Gathering data
Threat name:
Win32.Hacktool.CeeInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 15:57:22 UTC
AV detection:
29 of 31 (93.55%)
Threat level:
  1/5
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
1f068707a8e2353e48ef4e92584b2cf7c7d70ebb01105335128f316deccf13f7
HawkEye
3ce259abdca64cabc5ac51d1810ccff6a02fed247f4e65884d4fa4d23f18e086
HawkEye
4536b554f47500a157315e04f2e13508962eb4590473827d498b989cf8467808
HawkEye
6d430704bd3c6594f4732ec7e0f4bc0b899e93ac4d82d7f32da912dc6bdb9c35
HawkEye
8f5a34f80165dd3b125af00e0f799000581693356c589931ac12a3eca44dba2d
HawkEye
aea256db9e633dc95cde78f5ff4fc30a7a7ca176d2e562a235a098f5f48ef93d
HawkEye
b22c648668d77e156bb1d3df67f22c0731bc3ea1010b4ddba7317f3f71b33329
HawkEye
cc9cd3fab00a7ca68c26cbf9bfcf691aafd004232149c04d2d082a1fe06b9f32
HawkEye
e658ce5f2f5fcf573efe10347d409c2f3ead085da15f88b7310a2487424975e9
HawkEye
e96e191e65ba59a45f7b491b23588a0d6ed50d5ada789b54a6e531dcddbb1221
HawkEye
+ 2'138 additional samples on MalwareBazaar
Result
Malware family:
masslogger
Create hunting rule
Score:
  10/10
Tags:
family:masslogger ransomware spyware stealer upx
Link:
https://tria.ge/reports/201109-d5p5n3s8ce/
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
UPX packed file
MassLogger
MassLogger Main Payload
MassLogger log file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Word file doc 8f2fa0b2ae14a325f866335bb72a9ece7c49ed2a003b5298f1eafaa8714953eb

HawkEye

Executable exe 65ba735b51860a27d7b7880d4f3153ebb4817e162141ceb4624f4f10862d2cfa

(this sample)

  
Dropped by
MD5 682aed86c575f8637d11b0c01bc06cb4
  
Dropped by
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 8f2fa0b2ae14a325f866335bb72a9ece7c49ed2a003b5298f1eafaa8714953eb
  
URLhaus
https://urlhaus.abuse.ch/url/386642/

Comments