MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4
SHA3-384 hash: e3cfd9c4aaf629fc60fd07f4509e073e9f99263383d6029925978500e37609aa7fc1d4843ed1a6d1719e67e54ad6534b
SHA1 hash: 561696a793ce3ef7f39ca1045a034dd08ec3e7f1
MD5 hash: da562b863edb03d976b5ba170ecb2961
humanhash: fillet-virginia-washington-september
File name: 8r9tVWwqo5U1Myj.exe
Signature: HawkEye
File size: 792'576 bytes
First seen: 2020-06-30 06:05:11 UTC
Last seen: 2020-06-30 14:22:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 24576:clQLh9EN0c5l59/LdVgWUlOtCrLJKPZySt:c+vENf5RR1UlOGLUX
TLSH: DBF42237B3699B2AD2B6ABB954B118220FB7BE277121D20D5C8455C9AD33F308510FB7
Reporter: @cocaman
Tags: exe HawkEye


Mail intelligence
Trap location: DE Germany, Impact: Low
Trap location: Global, Impact: Low
# of uploads: 3
# of downloads: 33
Origin country: US
CAPE Sandbox Detection: HawkEyev9
CERT.PL MWDB Detection: n/a
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Rdn
First seen: 2020-06-30 06:07:03 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage Score: 10/10
Malware Family: n/a
Tags: spyware stealer family:m00nd3v_logger keylogger trojan family:hawkeye_reborn
VirusTotal: VirusTotal results 12.50%

Yara Signatures

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy

Rule name: MAL_HawkEye_Keylogger_Gen_Dec18
Author: Florian Roth
Description: Detects HawkEye Keylogger Reborn

Rule name: win_hawkeye_keylogger_g0
Author: Various authors / Slavo Greminger, SWITCH-CERT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Executable exe f98bb09a67afe83ca7b041488f460d2a8b96224d77f21117d5b0076e04706dd4 (this sample)