MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673
SHA3-384 hash:	e28e2a1dc1c346e351a06cd87076314e82a241f8939e27525d4478591371ff3fe9758316ead86aae86c8a3e9d143c617
SHA1 hash:	6f8b228c5af016a1bf56cf13868a69c18132ba68
MD5 hash:	3176b2ec16893db023f902131a692a54
humanhash:	echo-july-bulldog-uniform
File name:	scan0007.exe
Download:	download sample
Signature	HawkEye Create hunting rule
File size:	793'636 bytes
First seen:	2020-06-25 12:28:39 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a29f4efb911c4906418600fd25679688 (11 x Loki, 10 x AgentTesla, 2 x HawkEye)
ssdeep	12288:k16DRdrkQMFHVsMlrsy/bz5JF4WHC1PgI9vFcnQdTZByM9SVZLkm0bjURkT:C69dI9Dl7bPF4sm9dNdNByMEfAm0vURw
Threatray	1'926 similar samples on MalwareBazaar
TLSH	C5F47EA2F2A14433C1721A3B4D6F52F57429BE10AD38AD466BE4DDCC9F3B64138352A7
Reporter	jarumlus
Tags:	HawkEye

Intelligence

File Origin

# of uploads :

1

# of downloads :

81

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/14259/

Detection(s):

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

PUA.Win.Adware.Webalta-6862190-0

SecuriteInfo.com.Win32.Herz.B.10803.7096.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Creating a file in the %temp% directory

Using the Windows Management Instrumentation requests

Reading critical registry keys

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673/

Threat name:

Win32.Infostealer.Fareit

Status:

Malicious

First seen:

2020-06-25 09:56:55 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=o5syqlnd7kbfkfdt4fpzg4lag3qylooyr4kt7oyvm2ex3qhvezzq._file

Verdict:

malicious

Label(s):

hawkeyekeylogger

Result

Malware family:

n/a

Score:

8/10

Tags:

persistence spyware

Link:

https://tria.ge/reports/200625-2ecjc3aedx/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetThreadContext

Adds Run entry to start application

Reads user/profile data of web browsers

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 9a24cdfb872ae62cb475ac3870bbc0bcd73c995fedc9bfa8fdb960d4f10d6ab4

exe 7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673

(this sample)

Dropped by

MD5 2d12f72283738c1ab3be3bc3c962358d

Dropped by

SHA256 9a24cdfb872ae62cb475ac3870bbc0bcd73c995fedc9bfa8fdb960d4f10d6ab4

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/14259/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample