MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca0ffb047bb011ae244daae2f9eb29e4e2db3d77817c5eea1636ce57b6c041cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



HawkEye


Vendor detections: 4



SHA256 hash: ca0ffb047bb011ae244daae2f9eb29e4e2db3d77817c5eea1636ce57b6c041cb
SHA3-384 hash: 20c46d7f81a650c00a5ba7957b2f8c2916c8f508e7f3796a2189d96a1bef08f551ce6483b6defe6e56b5e5d6a8c23a78
SHA1 hash: 76382d36207434b0ed427f3ba1b41d93b0c659f4
MD5 hash: 975b9e23baf9ae1387f28b20cf8a2d36
humanhash: foxtrot-zebra-edward-finch
File name: ca0ffb047bb011ae244daae2f9eb29e4e2db3d77817c5eea1636ce57b6c041cb
Signature: HawkEye
File size: 489'288 bytes
First seen: 2020-06-10 11:36:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep: 12288:VYV6MorX7qzuC3QHO9FQVHPF51jgc1Gd6hVXjnh6:KBXu9HGaVHHVzh6
Threatray: 1'086 similar samples on MalwareBazaar
TLSH: 38A423C16FF66224E4F32BB2AD7921206922BCE5E675D38D1164681D9C2BF40DD32773
Reporter: JAMESWT_WT
Tags: HawkEye

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.AutoitInject
Status: Malicious
First seen: 2020-06-05 23:05:30 UTC
File Type: PE (Exe)
Extracted files: 21
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:njrat evasion persistence trojan upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies service
Suspicious use of SetThreadContext
Drops startup file
Modifies Windows Firewall
njRAT/Bladabindi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
