MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7501745bfca00a30575e2ea4219b88ef3d4b19ff684deefce5c50d329f9bfc51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7501745bfca00a30575e2ea4219b88ef3d4b19ff684deefce5c50d329f9bfc51
SHA3-384 hash: 69d052c97a3d24fcd90c21f16d5611d0b1ef6f196899556294ce2312709f62d1beb3eb60bb4837f85c8999899b9d38fb
SHA1 hash: 45e47082f52e6992d4e4d256ae0ca9ebf4ac0189
MD5 hash: ab36441008e386cf0087ca356a373bd1
humanhash: eleven-hot-oregon-queen
File name:file-rfjd81347_pdf.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:603'172 bytes
First seen:2020-06-15 05:00:39 UTC
Last seen:2020-06-15 14:15:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 54460d2eedb6a541ae3fa68cd3e66377 (10 x Loki, 8 x AgentTesla, 4 x NanoCore)
ssdeep 12288:yn5WrxQ9hwM0cqsdxGAukR6E2F6Be8nAOXDpyYY+77Az3ji8:EQrx8h9Osdgk72wJ/4Yxqzr
Threatray 3'171 similar samples on MalwareBazaar
TLSH E8D47E62E2D04437C3E6363DDF4B96749C2BBA1329282D466BE4CF4C9F397813967192
Reporter jarumlus
Tags:HawkEye

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10200/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 00:20:28 UTC
File Type:
PE (Exe)
Extracted files:
258
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ouaxiw74uafdav26f2scdg4i546uwgp7nbg657hfyugtfh437riq._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
0592333ddc8cbc8651ba7b782a70b972e4627b1505ba9b1812a97046f0484df1
HawkEye
08f7d226c61cc7f24dfc55909238659ddf5c09f47127f348322c2d8636cdca1c
HawkEye
6480d0d4232a23159e754ab88769b21a48e8bc4a86fa84b99c2160b2bfb09244
HawkEye
6afe88a410a038c2e304fc192e0a17cf78d93f21075029fcc35d510eb7e5c702
HawkEye
6d415497a3d0845048c1ccafb82bf70283dd6976dbabb8f1cf639b9780571a40
HawkEye
7fbbc53861d27c037953d846e4726b3e2f0a1a1b2508128ee400b138aeb1f3ce
HawkEye
b44ef73bf2306886ca92291cbbdc5b0d07d6878f9a1b3c84ce476ca69cc4532e
HawkEye
d7b266bb9eacabd128560d80eea9195b42b227df16d460f1c0e13ed6575ca627
HawkEye
e24a3fe957675ab9e6815582079bf483dd6f0b75e744b51d6f71d4fdcb301da0
HawkEye
e6628501ee0344c1e6c7adc92944f5ddc7c784c1ac6278bdd7b66164b01707d3
HawkEye
+ 3'161 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware upx
Link:
https://tria.ge/reports/201109-zah1d29aba/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads user/profile data of web browsers
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 43f7829929b19ce4720cd03c558b1492dca2328ae99aa8ea75ba203f37de3c57

HawkEye

Executable exe 7501745bfca00a30575e2ea4219b88ef3d4b19ff684deefce5c50d329f9bfc51

(this sample)

  
Dropped by
MD5 52396576479a77221155c195fe11741f
  
Dropped by
SHA256 43f7829929b19ce4720cd03c558b1492dca2328ae99aa8ea75ba203f37de3c57
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/10200/

Comments