MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05e7bf43e209ba607601f4c8f638c128537a7a48f5519f1192dac74a25b506c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05e7bf43e209ba607601f4c8f638c128537a7a48f5519f1192dac74a25b506c3
SHA3-384 hash: dff37d6de4524bd8018f8b973bfe974d4d86fef46ab0691646313d1f85a6b457424a2d357623c9dafad75bc1ecc7518e
SHA1 hash: 787b2e13379e8a81de8c67c17a97781e750b18fd
MD5 hash: 3bebd77e52ba5a8b2313991f1ad98729
humanhash: dakota-juliet-delaware-mockingbird
File name:CutFy41zPiv0RnA.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:744'960 bytes
First seen:2020-06-19 05:49:31 UTC
Last seen:2020-06-19 07:04:00 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:KzGSZEgn05KW49HxJ6p1Dig1UdeFqeuc3rEMVYnFbOpbs0qPMDTyCLX1Qns4Dsuk:qGPc9W47ejqoFRPrEMqFbOOPMDTyIXzR
Threatray 384 similar samples on MalwareBazaar
TLSH BBF4237A6E64DE7DDD6943B6B65781810F7492821B03EF6D8FC4B1DA1BF63AA40021C3
Reporter abuse_ch
Tags:exe HawkEye


Avatar
abuse_ch
Malspam distributing HawkEye:

HELO: mout-xforward.web.de
Sending IP: 82.165.159.35
From: Erika Maria Castaneda Lopez <erika.castaneda@finca.co>
Subject: VERY URGENT QUOTE
Attachment: QUOTATION.zip (contains "CutFy41zPiv0RnA.exe")

HawkEye SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection:
PredatorPain
Create hunting rule
Link:
https://www.capesandbox.com/analysis/9433/
Detection(s):
SecuriteInfo.com.Trojan.Inject3.43622.4424.14163.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 00:25:59 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=axt36q7cbg5ga5qb6tepmogbfbjxu6si6viz6ems3lduujnva3bq._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
emotet
Create hunting rule
Similar samples:
17fa709f1a866d573f997f8f1288d537de382cccc5a4f9c1811db9da34c016b2
HawkEye
38701fe4b63d1436ba2e26cc7e268327299b58bcccbf074bfb2cbbcf57ceb2ea
HawkEye
68101d145825fc980210f1f56638011d98eeaf5c53fb734b62a80dac6489f2e3
HawkEye
69f67f002f144d04bbe310e507a5fd32358d8d69daf9c0b9f352a7ba1049f5d6
HawkEye
7e6dc9928e049d75cd726d8542b39cf46afef0cfd37c8dcb968ea618aedbb696
HawkEye
944b633d92799fe6aeefae5de7945b6b0b69020ed669d9d7e68ebd80868771e6
HawkEye
a2966a3e5a7753ea245a9e5228cf96d631e15a3777a5b2550724bed0f646784a
HawkEye
a8adfc7cca5bc0c9c90aae50e72e92122ac2efeb9307d38fc82c349f4ef5efcd
HawkEye
da2e87ff6e505f0e64c3804f5355d693d9fd69e71916812f75bcd43b6cd445ec
HawkEye
f644429ae879d41b7edfc6eed05d575b0b616c70327955e32d15875dcc3d5c49
HawkEye
+ 374 additional samples on MalwareBazaar
Result
Malware family:
hawkeye
Create hunting rule
Score:
  10/10
Tags:
keylogger trojan stealer spyware family:hawkeye
Link:
https://tria.ge/reports/200624-t4fsk5fa5s/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Uses the VBS compiler for execution
Reads user/profile data of web browsers
HawkEye
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:RAT_PredatorPain
Create hunting rule
Author:Kevin Breen <kevin@techanarchy.net>
Description:Detects PredatorPain RAT
Reference:http://malwareconfig.com/stats/PredatorPain
Rule name:with_sqlite
Create hunting rule
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip acea0c310bf13742a15e126767a72f1f9e16cc7ac1a5c7060ab4667fd3eb4721

HawkEye

Executable exe 05e7bf43e209ba607601f4c8f638c128537a7a48f5519f1192dac74a25b506c3

(this sample)

  
Dropped by
MD5 45c6247a219b13d19cebfbdcffd7616a
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 acea0c310bf13742a15e126767a72f1f9e16cc7ac1a5c7060ab4667fd3eb4721
Cape
Cape
https://www.capesandbox.com/analysis/9433/

Comments