MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6cc097da2bee5d66e38a786047089065ad694607297795f7088847cdcb1643e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a6cc097da2bee5d66e38a786047089065ad694607297795f7088847cdcb1643e
SHA3-384 hash: fa2ff342d46b64bf4b838f21b8a8976241d4703a1b21a6206db0d618299bc875f9eaec25b8c3a57bfa502b0b69eaa557
SHA1 hash: 88e8b4e3252b76232d5b5d7bca0a4fbc505961e8
MD5 hash: 3b50feaab7beaf0ab69164d14c3eda9e
humanhash: delaware-mirror-robin-earth
File name:MT103 SWIFT_PDF.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:718'848 bytes
First seen:2020-04-01 12:19:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:/DV4l2iNyWluU5bJaLfqWXg1TYep4g/v8Q8P1oL0Ysbi52j11BR/:/I1AWXbJ+gBjH0P1oLwbe2lR/
Threatray 6'966 similar samples on MalwareBazaar
TLSH 43E422D832A8283FC5B919FC1113280857F722695693E3CE589F51EF1EAABD781581E3
Reporter c_APT_ure
Tags:HawkEye

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EHIK.17668.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-01 14:15:39 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u3gas7ncx3s5m3ryu6dai4ejaznnnfdaoklxsx3qrcchzxfrmq7a._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
13f51d450568dc6ee7223eb76584d17417a2ef85141e74720445cfba0b10ad5d
HawkEye
1de91436b3674fb28cbbfb0a16ccc2f428598b3eff15bafefbe82939cd423835
HawkEye
2e00a231db5268aabbf82259fb2f25b541b7877a5d8be339b107dfab1e896338
HawkEye
3dd0e88a93b6d4fa561f0ece77fee607262c53a5ecb7164b64c29505b88083a8
HawkEye
95dce20d910cf373ff2b72697282c344313dd3bf7ffd09c4ece59cd9f58c8972
HawkEye
ad89c1a605bbc657714b5c70d3fe0311875cfe7b5730b5b2a2012e177f989890
HawkEye
bbf613ce1f6850b2b62c6f55082ab7b9bcc7f92db0a8ec8f0b495e29cb4988ae
HawkEye
c6043128c116aedacc1be9abbcb74898065374269665a5387960ce47e805c2c0
HawkEye
cb8d412bcde5007a389cfbf650e356fc4aca9c56499594af40306234e85c52db
HawkEye
f46f7af124b25fff7a984b802bfa9f1f01f1efcc3416221aa9b6254150ac9667
HawkEye
+ 6'956 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

Executable exe a6cc097da2bee5d66e38a786047089065ad694607297795f7088847cdcb1643e

(this sample)

  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments