MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 149be9ee402fe6934e8898ac578f8ded23d397761ab4fa0a976c9d978d489948. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 149be9ee402fe6934e8898ac578f8ded23d397761ab4fa0a976c9d978d489948
SHA3-384 hash: 5a15f819b42affc25a318dbb99a97830b3987860ac9a6931c95ed503aff849bc3414427fcca957793717e128c1609a34
SHA1 hash: 02b01a0789b2fb4bf1653be037c1c1a9481b2946
MD5 hash: c003f027a24ea3d965624867db00d978
humanhash: montana-florida-freddie-uncle
File name:SecuriteInfo.com.Fareit-FTBC003F027A24E.19563
Download: download sample
Signature HawkEye
Create hunting rule
File size:575'720 bytes
First seen:2020-06-02 15:36:22 UTC
Last seen:2020-06-02 16:32:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 45daeff6215e56040b64c42a9b6c5e14 (11 x AgentTesla, 3 x Loki, 1 x HawkEye)
ssdeep 12288:g2Vikn7tJvrf7AduG608aVEnRmpr1Cot1:rEkJFC00JMYpr1tD
Threatray 2'359 similar samples on MalwareBazaar
TLSH 05C46C22B2F04433C1672E789C1B5778BC25BDD069286A462BF4DDCC9F356813B6919F
Reporter SecuriteInfoCom
Tags:HawkEye

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FTBC003F027A24E.19563.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 14:15:32 UTC
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
2d1ed3f838936881bbcce13d13dd480e70ced0e796e6d6acd9b563dcc0c6696d
HawkEye
4b2ba5e0907fa5c1cbfd980bee03483ccce1d11bdcf924e90de7a7c72ded2ef9
HawkEye
5c2be89f4ae2a9cb4f80b264b98026986b76c1f971a5ee7bfe138fcfdb196430
HawkEye
7867b1b4c3c9620f168f2724bf8f68301a942922cd542cb278f819bfbb051040
HawkEye
a1bf146c35c74c629420c6c093d43181a53c8ae787cfb1b6d45318e3c02746d3
HawkEye
b696bd66d67df6095b792c081f3c3f71f5fe29f58b5cd8599e0fd5e1f16d290e
HawkEye
ba30aa707120fb8a73c2e367ca519aa6fd38a83dc74680eeada79a25f5ef2800
HawkEye
c4c8770d23abfebf060ae159e67040f060e9e0dbf5b2838a089533b1a7278cf4
HawkEye
c677bad5164cba6393a99db3052e7fb09c3058c14897a9259611f685693c256e
HawkEye
eceaeb5dd1fdf321efcf6c4e33706e025408deaa74ece9fb0e4e145901513cf2
HawkEye
+ 2'349 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion persistence trojan upx
Link:
https://tria.ge/reports/201109-amjj1bqbmj/
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
Suspicious use of SetThreadContext
Adds Run key to start application
Checks whether UAC is enabled
Deletes itself
Drops startup file
Loads dropped DLL
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Executes dropped EXE
UPX packed file
UAC bypass
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HawkEye

Executable exe 149be9ee402fe6934e8898ac578f8ded23d397761ab4fa0a976c9d978d489948

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/374515/
  
Delivery method
Distributed via web download

Comments