MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08f7d226c61cc7f24dfc55909238659ddf5c09f47127f348322c2d8636cdca1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08f7d226c61cc7f24dfc55909238659ddf5c09f47127f348322c2d8636cdca1c
SHA3-384 hash: aff53cc44b68f42a8fe92ae00a9cbebdfb3a03cdf0ec0ec00a4cb739ad98745b9912c4eaf1d27a06237c9a2a48db6eda
SHA1 hash: cadb6e9b86fec0f207b60b7b6d4b880a2bf4db91
MD5 hash: acb3f948b12a1fe4a018ca075c6b3ee9
humanhash: two-chicken-moon-neptune
File name:scan-docrt298414_pdf.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:515'620 bytes
First seen:2020-06-04 11:53:39 UTC
Last seen:2020-06-04 12:26:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fec7202070edb9862911b0bdf2bee56d (13 x AgentTesla, 3 x HawkEye, 3 x Loki)
ssdeep 12288:eZvDjvD2TsFPsy9Rz3cVpMImn0HRnAAATtW1kGM:eLH2TsF1RGplKCRnAAATtW17M
Threatray 2'846 similar samples on MalwareBazaar
TLSH 19B47E22E2A05437C752167E5D1B5F78582ABA622D2B25476BFCEC489F3D2C3352E1C3
Reporter jarumlus
Tags:HawkEye

Intelligence

File Origin
# of uploads :
2
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 18:37:00 UTC
File Type:
PE (Exe)
Extracted files:
258
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bd35ejwgdtd7etp4kwijeodftxpvycpuoet7gsbsfqwymnwnzioa._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
03858ed158440d03ed25802a74b88cc2091960e35ded3901d4d0370c88a38d9f
HawkEye
0776457840077a9b6ac113b23ebf60c224c3c7b4807c6698fdfe764531d285be
HawkEye
52054471a155edf2779e397464d81796b16de9f44476388591dd91a9ce136df2
HawkEye
6480d0d4232a23159e754ab88769b21a48e8bc4a86fa84b99c2160b2bfb09244
HawkEye
6d415497a3d0845048c1ccafb82bf70283dd6976dbabb8f1cf639b9780571a40
HawkEye
7501745bfca00a30575e2ea4219b88ef3d4b19ff684deefce5c50d329f9bfc51
HawkEye
7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673
HawkEye
7fbbc53861d27c037953d846e4726b3e2f0a1a1b2508128ee400b138aeb1f3ce
HawkEye
b44ef73bf2306886ca92291cbbdc5b0d07d6878f9a1b3c84ce476ca69cc4532e
HawkEye
e6628501ee0344c1e6c7adc92944f5ddc7c784c1ac6278bdd7b66164b01707d3
HawkEye
+ 2'836 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware upx
Link:
https://tria.ge/reports/201109-b7jzjerm22/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads user/profile data of web browsers
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 43a36bb334ce4a81e1b6ef8fac6b2b2185a0b2ca27e9e0257f501e3e712b4b7b

HawkEye

Executable exe 08f7d226c61cc7f24dfc55909238659ddf5c09f47127f348322c2d8636cdca1c

(this sample)

  
Dropped by
MD5 ad0c0bb88d7809018695d5b0e0945b80
  
Dropped by
SHA256 43a36bb334ce4a81e1b6ef8fac6b2b2185a0b2ca27e9e0257f501e3e712b4b7b
  
Delivery method
Distributed via e-mail attachment

Comments