MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6afe88a410a038c2e304fc192e0a17cf78d93f21075029fcc35d510eb7e5c702. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6afe88a410a038c2e304fc192e0a17cf78d93f21075029fcc35d510eb7e5c702
SHA3-384 hash: a43a6b264c812ba9e79df1904dadc0eac8fd9b269a30021d5ecb04e3885760fe7a15b94c5d1db3e3227e87f1422aeaff
SHA1 hash: 73900212428fd98a726a0928b4cc554b09ced484
MD5 hash: 63fc55750ba3831d6fe592196e866294
humanhash: west-zebra-eleven-green
File name:PQ-TER-OF-470D20-109742 2Q6-20-0083-xlsx.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:556'580 bytes
First seen:2020-06-08 10:38:07 UTC
Last seen:2020-06-08 11:42:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash aabbb4372eb59a483c2eb11dc6aea9c8 (9 x AgentTesla, 2 x HawkEye, 1 x AsyncRAT)
ssdeep 12288:HsCOryB5QNN5JIrumfugKrcvi4nWV36PAjUKe:Mb65+JIr1uvY7WF6wUD
Threatray 2'271 similar samples on MalwareBazaar
TLSH 86C48E22E2A154F3C15216FD5C3B5778A8EABE51392825462BF7DC6CDF39781382E183
Reporter jarumlus
Tags:HawkEye

Intelligence

File Origin
# of uploads :
3
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 08:32:20 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nl7irjaqua4mfyye7qms4cqxz54nspzba5ict7gdlviq5n7fy4ba._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
3ba3b6ed1543c0f62a5ad0fc2a2afa116c86ec33fa645eee99a78cf64033ae54
HawkEye
4457d49095a509a84ce5c9796b7470c03a95638e1f628882cb8f6331b0153efb
HawkEye
5dd4ce47e282ef174b47b0fe99ecbe45c041610d654884cffa960e2ddb143b70
HawkEye
7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673
HawkEye
80ee42d530f42fd7717450f85e3e68dbea5e0dbf7c856a381dde02c7dfb5b5cd
HawkEye
85b315f053164c0910b88178383f3271d8faef791d4cb35442f246c91bd80225
HawkEye
9346abda4d705ecc5d46797989616589058a19fa3857c232ff5bec166051830a
HawkEye
c893722ab8df6a931a152f0726b1c3de85ef306e746f9b597c7e5d148c9944a6
HawkEye
ddefa12712998a6705858c96559d4f08a6f75615298c321be7eecc1a60ccc04f
HawkEye
f1cb2240eab8c2a7807b5a2b3c9b8f8320d88d7ec5a75dc28280fa5522e8e35a
HawkEye
+ 2'261 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware upx
Link:
https://tria.ge/reports/201109-ehghgf7vwj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads user/profile data of web browsers
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip ea8a073fdd6a4c83248ba1aebd3f23125f23b0cf0ccadf9a01ec4a0ab033842e

HawkEye

Executable exe 6afe88a410a038c2e304fc192e0a17cf78d93f21075029fcc35d510eb7e5c702

(this sample)

  
Dropped by
MD5 148548b75380589f35c9821e6c74feb6
  
Dropped by
SHA256 ea8a073fdd6a4c83248ba1aebd3f23125f23b0cf0ccadf9a01ec4a0ab033842e
  
Delivery method
Distributed via e-mail attachment

Comments