MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0846f6019d7fe774dc75d2f35a88769fdd49f99fad217283287f24c1bb54c45e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 0846f6019d7fe774dc75d2f35a88769fdd49f99fad217283287f24c1bb54c45e
SHA1 hash: 61b3dc786bc37752a09279b6e1806099c0924179
MD5 hash: de9bb21c18602d65e28f3c716301fd33
File name: lIXDHbCcrwGvgZd.exe
Signature: HawkEye
File size: 737'280 bytes
First seen: 2020-05-23 12:19:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:Ymkbep+fUxAe8m2FrFU7NWuyHh20SgiKFWy4qIw++7Igzqm6cd/7mnpyJ3qo5TnL:Ym8CUHFJ+NFmdfW34fduOd/74oFqohfD
TLSH: 6BF4014572A8581BC6ED40F8619EF28443F245BF1692FBE5DC8231FB36C3BDA4612993
Reporter: @Jouliok
Tags: exe HawkEye

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 21
Origin country: GB
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
VirusTotal: Virustotal results 40.28%

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_HawkEye_Keylogger_Gen_Dec18
Author: Florian Roth
Description: Detects HawkEye Keylogger Reborn
Reference: https://twitter.com/James_inthe_box/status/1072116224652324870

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
HawkEye
Executable exe 0846f6019d7fe774dc75d2f35a88769fdd49f99fad217283287f24c1bb54c45e (this sample)

Delivery method: Distributed via web download

Comments