MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03858ed158440d03ed25802a74b88cc2091960e35ded3901d4d0370c88a38d9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	03858ed158440d03ed25802a74b88cc2091960e35ded3901d4d0370c88a38d9f
SHA3-384 hash:	da110e621d9797c713ee7205ec9aa794a7286615fa685476365b687b2929524338fc2fd602b559fd5c33cca3b5fe00c1
SHA1 hash:	ac6db17646a0ff96ba30e0c96701506a170c7155
MD5 hash:	64608c10963edfeacdeddc9449e66e5f
humanhash:	snake-timing-bulldog-apart
File name:	Bank-transfer-20200002406-pdf.exe
Download:	download sample
Signature	HawkEye Create hunting rule
File size:	612'388 bytes
First seen:	2020-06-24 08:54:27 UTC
Last seen:	2020-06-24 09:47:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	565634639b29b9621071d5ecba087c92 (1 x HawkEye)
ssdeep	12288:9lYQ4szUJJiOBqBrRFtAiY/YVGZaoP73lVXY9+vEpLDS5M1fRewaPK8SE:vH+JiOjmGJDcvNIM1RFaPD
Threatray	2'534 similar samples on MalwareBazaar
TLSH	1DD45B22A2D0443EC27696F99C0F5F7C5826BE103A2469462BE4DDCC6F387D1793629F
Reporter	jarumlus
Tags:	HawkEye

Intelligence

File Origin

# of uploads :

2

# of downloads :

93

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/13632/

Detection(s):

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Creating a file in the %temp% directory

Using the Windows Management Instrumentation requests

Reading critical registry keys

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/03858ed158440d03ed25802a74b88cc2091960e35ded3901d4d0370c88a38d9f/

Threat name:

Win32.Trojan.CryptInject

Status:

Malicious

First seen:

2020-06-24 08:56:05 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=aocy5ukyiqgqh3jfqavhjoemyiersyhdlxwtsaou2a3qzcfdrwpq._file

Verdict:

malicious

Label(s):

hawkeyekeylogger

Result

Malware family:

n/a

Score:

8/10

Tags:

persistence spyware

Link:

https://tria.ge/reports/200624-nfbcehm28x/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetThreadContext

Adds Run entry to start application

Reads user/profile data of web browsers

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip b75a466ea397e931759efabb36c0a2fa7ab41024ebe0d463d95c475745d5a665

exe 03858ed158440d03ed25802a74b88cc2091960e35ded3901d4d0370c88a38d9f

(this sample)

Dropped by

MD5 804b2c94d2eb4956315fdc8b844cef64

Dropped by

SHA256 b75a466ea397e931759efabb36c0a2fa7ab41024ebe0d463d95c475745d5a665

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/13632/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample