MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e19889ca24913c6ae660e416467cd2f90f15806d2b1492993874e3d17ebd101. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5e19889ca24913c6ae660e416467cd2f90f15806d2b1492993874e3d17ebd101
SHA1 hash: 63d2d11e4cf95884ed403db282ecf61fb819d02a
MD5 hash: 7d965a91754c6100aa88c9253a402fb6
File name: swift payments USD_xlsx.exe
Signature: HawkEye
File size: 664'576 bytes
First seen: 2020-05-22 13:30:14 UTC
Last seen: 2020-05-22 15:38:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:KOVh22hV2jSW8Q2bUxpWpphzUzhw3a+wUWriQjmrOCi0bplj1Onj:paZblbWFzMwqbr5lVCp2
TLSH: 42E41202A1FC4737E62E97FA50E1406107F9B82A5693F39E4ED260E26D737904F51E8B
Reporter: @James_inthe_box
Tags: exe, HawkEye

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 3
# of downloads: 26
Origin country: FR
ClamAV: SecuriteInfo.com.Trojan.Siggen9.48419.22234.11016.UNOFFICIAL
VirusTotal: Virustotal results 23.29%
ReversingLabs: No data

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_HawkEye_Keylogger_Gen_Dec18
Author: Florian Roth
Description: Detects HawkEye Keylogger Reborn
Reference: https://twitter.com/James_inthe_box/status/1072116224652324870

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments