MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52054471a155edf2779e397464d81796b16de9f44476388591dd91a9ce136df2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52054471a155edf2779e397464d81796b16de9f44476388591dd91a9ce136df2
SHA3-384 hash: 39f6d3c1064186a26af3d710daecbec9b2847a6a700b7c095c5276b55bb6e7e3387af025b49547167aa4e0cbc7711803
SHA1 hash: f021136d206e1ae8c80ac1da0593ffc8f8f0e783
MD5 hash: a73ec2799f1808e2fd2b451e6b4afc4f
humanhash: michigan-network-foxtrot-early
File name:BMS20081709SQ-SU14-xlsx.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:610'852 bytes
First seen:2020-06-18 09:44:50 UTC
Last seen:2020-06-18 18:35:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 90117697cc8be5d6ed7c153e6a15a30e (8 x AgentTesla, 3 x NanoCore, 2 x Loki)
ssdeep 12288:6zvyFcE4IMkvtlLnUHRyC0ZQXO7dEkPopRf9WV7a:gGcUvtGoC02Ohz45gV+
Threatray 4'243 similar samples on MalwareBazaar
TLSH 87D47C23E2D04433C1271E398F5B97759D2DBE102968A9466BF4DD6C9F3938138362AF
Reporter jarumlus
Tags:HawkEye

Intelligence

File Origin
# of uploads :
5
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19739/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-18 09:28:47 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kicui4nbkxw7e546hf2gjwaxs2yw32puir3drbmr3wi2ttqtnxza._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
03858ed158440d03ed25802a74b88cc2091960e35ded3901d4d0370c88a38d9f
HawkEye
073c3d60993b41a1ea5847c06dab48a4bf4e3da87e74d26d8d51a1c11e0dae0c
HawkEye
08f7d226c61cc7f24dfc55909238659ddf5c09f47127f348322c2d8636cdca1c
HawkEye
6480d0d4232a23159e754ab88769b21a48e8bc4a86fa84b99c2160b2bfb09244
HawkEye
6afe88a410a038c2e304fc192e0a17cf78d93f21075029fcc35d510eb7e5c702
HawkEye
6d415497a3d0845048c1ccafb82bf70283dd6976dbabb8f1cf639b9780571a40
HawkEye
7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673
HawkEye
7fbbc53861d27c037953d846e4726b3e2f0a1a1b2508128ee400b138aeb1f3ce
HawkEye
b44ef73bf2306886ca92291cbbdc5b0d07d6878f9a1b3c84ce476ca69cc4532e
HawkEye
e6628501ee0344c1e6c7adc92944f5ddc7c784c1ac6278bdd7b66164b01707d3
HawkEye
+ 4'233 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/200624-fr3lbpwxh2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run entry to start application
Reads user/profile data of web browsers
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 285515bf8383d17ce4932a14e974c605ba5a4c1910ef8c1137f015ac047ba87c

HawkEye

Executable exe 52054471a155edf2779e397464d81796b16de9f44476388591dd91a9ce136df2

(this sample)

  
Dropped by
MD5 72fe41cb314b1f19d24f918da931fb3b
  
Dropped by
SHA256 285515bf8383d17ce4932a14e974c605ba5a4c1910ef8c1137f015ac047ba87c
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/19739/

Comments