MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4
SHA3-384 hash: e3cfd9c4aaf629fc60fd07f4509e073e9f99263383d6029925978500e37609aa7fc1d4843ed1a6d1719e67e54ad6534b
SHA1 hash: 561696a793ce3ef7f39ca1045a034dd08ec3e7f1
MD5 hash: da562b863edb03d976b5ba170ecb2961
humanhash: fillet-virginia-washington-september
File name: 8r9tVWwqo5U1Myj.exe
Signature: HawkEye
File size: 792'576 bytes
First seen: 2020-06-30 06:05:11 UTC
Last seen: 2020-06-30 14:22:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 24576:clQLh9EN0c5l59/LdVgWUlOtCrLJKPZySt:c+vENf5RR1UlOGLUX
TLSH: DBF42237B3699B2AD2B6ABB954B118220FB7BE277121D20D5C8455C9AD33F308510FB7
Reporter: @cocaman
Tags: exe HawkEye

Intelligence


Mail intelligence (Trap location: Impact)
DE Germany: Low
Global: Low
# of uploads: 3
# of downloads: 33
Origin country: US
CAPE Sandbox Detection: HawkEyev9
Link: https://www.capesandbox.com/analysis/16797/
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Rdn
First seen: 2020-06-30 06:07:03 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage Score: 10/10
Malware Family: n/a
Link: https://tria.ge/reports/200630-kb7ynf4sts/
Tags: spyware stealer family:m00nd3v_logger keylogger trojan family:hawkeye_reborn
VirusTotal: Virustotal results 12.50%

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_HawkEye_Keylogger_Gen_Dec18
Author: Florian Roth
Description: Detects HawkEye Keylogger Reborn
Reference: https://twitter.com/James_inthe_box/status/1072116224652324870

Rule name: win_hawkeye_keylogger_g0
Author: Various authors / Slavo Greminger, SWITCH-CERT

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

Executable exe f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4

(this sample)

Comments