MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59ab4b0c88cb9e1c3b2b19b34f13e09397b81fadcd8440e7657a2d258b1c9f85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 59ab4b0c88cb9e1c3b2b19b34f13e09397b81fadcd8440e7657a2d258b1c9f85
SHA3-384 hash: 84bcbbefa3fff7b8ff54e226908178f70a87e35a0ae7ac5d2730f9163c56a17ea20d0d1adfcbeb9b8ba35688e4517b06
SHA1 hash: 4f72f2d591edf087ebfbfd827873a1cfa63d50b9
MD5 hash: bc7a9b6c84ed5d6c62d6eb1e17fcf8c9
humanhash: lactose-muppet-kitten-nevada
File name:SecuriteInfo.com.Trojan.Siggen9.25745.22343.7589
Download: download sample
Signature HawkEye
Create hunting rule
File size:923'136 bytes
First seen:2020-03-25 13:04:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:FsVddaxU3ApDPFsdr/b3+zwRCSFU6LxbU9Npmn5cTxZpvjd4SfAv15j1Tr/6vFxq:WVddLWPdzhN97AaZ5P69b6t92d
Threatray 5'104 similar samples on MalwareBazaar
TLSH 201512093AD0F64FC06F9EFA94840D008331A967930AE6776DCB25E8598F71ABE117D7
Reporter SecuriteInfoCom
Tags:HawkEye

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.25745.22343.7589.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-03-25 01:57:11 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
00e8d6de1e2450594b8e61c5f8ce0b7c0b0aff075e72e79b7be035203511abbb
HawkEye
162a5aa5e6e0298edbae1a494d2a3e177f0fb42b1c2e35eaecdbe1715d519694
HawkEye
79bbb6858997f49d3e688ccfc44206f89ab731a1e17b3be82a1c8062e7683913
HawkEye
7d6b63c5a80035e7823a17dc7493048dbf0bdd33110ae9df169a3bcee02527b9
HawkEye
895bd4c8d2a48b22575765b56e28816dfec0a3ab991140a62cf76802c53a07bf
HawkEye
9eac9249872f6d3b63577f6180950e2902de72dbff05624af4c1ea7eee6ecfe7
HawkEye
a4cebe4913d275f7387b8d8b2acb7d76324550746e8802f28d432a15d3608194
HawkEye
cc91f115d2bae877c7b29b2e150743fdc1e3a7aa931829a3694ad3d621a9832f
HawkEye
cf13202e5434ed24d8aa3c5c726735a4b3937269f44963bd6476467b63ab8a5e
HawkEye
d0be07347ce319cbce0fa252c4a030834dafe118c2ea50a6e05951ecf06b20da
HawkEye
+ 5'094 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_blackremote_w0
Create hunting rule
Author:jeFF0Falltrades

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HawkEye

Executable exe 59ab4b0c88cb9e1c3b2b19b34f13e09397b81fadcd8440e7657a2d258b1c9f85

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/329709/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments