MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 beaee29c11566ce99ec0fb9ddbb2e1df84530ea5b6f88cb099f63bbb0da5c7b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: beaee29c11566ce99ec0fb9ddbb2e1df84530ea5b6f88cb099f63bbb0da5c7b8
SHA3-384 hash: 1653b4b3c714aaa151ef5ba73fb31b748a44ea74e6b7323c5e7c22a0d485d8ef4c0e8621aa6ad07a99fa407758f06b0b
SHA1 hash: 0e461abf59e7812839b0ff6f986bfcb6658bf384
MD5 hash: b32780e2e8099d43091f515bdf341ad8
humanhash: paris-kansas-autumn-east
File name:Drawing files .pdf.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:766'976 bytes
First seen:2020-05-12 11:20:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:R7AWg/rrxnU7Iwhmpy0/K33hRrsFgGcbx0QPdjFbIT7MrmeXK:yLxnKIMmpyF3RdOgNhPdZbE7Mr5XK
Threatray 6'263 similar samples on MalwareBazaar
TLSH 0AF4E00523BC5B26E07A9BF518B1A420CBF6B62B7179D3AC4DC224CA16E2F41CD15F67
Reporter James_inthe_box
Tags:exe HawkEye

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 03:18:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x2xofharkzwothwa7oo5xmxb36cfgdvfw34izmez6y53wdnfy64a._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
1d492bc6d7dd22a0ff5c75a3cff6a19629a0179b27b15045bb7893439fd91ca3
HawkEye
3c0f1342da1381efcb02db88a6f0c2c5da6006288915b146684e5de5e4bd7a8b
HawkEye
3dd0e88a93b6d4fa561f0ece77fee607262c53a5ecb7164b64c29505b88083a8
HawkEye
95dce20d910cf373ff2b72697282c344313dd3bf7ffd09c4ece59cd9f58c8972
HawkEye
9c44ef5fa89f794692ac705468329bb38b32191dea5fa24dba8ae217ed6b3e2a
HawkEye
b1becab061f6539b36256986ccfd39faa86ef9d8f710956fd9e9806fb6376cbd
HawkEye
bbf613ce1f6850b2b62c6f55082ab7b9bcc7f92db0a8ec8f0b495e29cb4988ae
HawkEye
c6043128c116aedacc1be9abbcb74898065374269665a5387960ce47e805c2c0
HawkEye
cb8d412bcde5007a389cfbf650e356fc4aca9c56499594af40306234e85c52db
HawkEye
e842dbdc4b41d7516d87ccc21fa365b93c4c94ce5a75dc6f06321f90efa19e29
HawkEye
+ 6'253 additional samples on MalwareBazaar
Result
Malware family:
hawkeye_reborn
Create hunting rule
Score:
  10/10
Tags:
family:hawkeye_reborn keylogger spyware stealer trojan
Link:
https://tria.ge/reports/201109-twmv3gs4ma/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of web browsers
Uses the VBS compiler for execution
HawkEye Reborn
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments