MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9561f35b2fa188ed20de24bb67956e15858aeb67441fb31cbcfe84e1d4edc9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9561f35b2fa188ed20de24bb67956e15858aeb67441fb31cbcfe84e1d4edc9a
SHA3-384 hash: 5ade778a54d282a26f1cfa41640717ee6bb7c910fe0f6e48b1b16d53924b6f565b8ed28723e6aa83d2ef4f20f6e6d569
SHA1 hash: 0783b8327a88aff87c627497d4333fd778da59be
MD5 hash: fb2ca93f987313108abdd4a6d687783a
humanhash: bulldog-autumn-uniform-quiet
File name:iec56w4ibovnb4wc.onion_Library__StealersAndTrojans__PasswordStealer.NET.bin.malw
Download: download sample
Signature HawkEye
Create hunting rule
File size:1'272'320 bytes
First seen:2020-03-18 22:55:14 UTC
Last seen:2020-03-18 23:05:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'647 x Formbook, 12'245 x SnakeKeylogger)
ssdeep 12288:KKn7XIK6rFQuoa+xhXy7CNI7TMq9IOvK2TaSJbeWBSuIGZi0k:K6XIFxxh+xhUCCTMyIOv52DWBQGI
Threatray 632 similar samples on MalwareBazaar
TLSH D9452A3635C388A9DD2A46B00438DDC1B2657A493B89CE3FB5D7530D9F010AF7B2AD69
Reporter ov3rflow1
Tags:HawkEye malw

Intelligence

File Origin
# of uploads :
2
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader26.39159.24030.9408.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2018-10-04 05:58:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
00c654d5c39fed0a4b4a1f04c45399c3750608f1b307796a5a7d2fca9478344d
HawkEye
064f9d36244da72bad18432a7235279226dd6104fbdc110e04c212e34b68432d
HawkEye
202b6460412616a353d08217c32a0ba18305ea7819296871c16e1a0890c38853
HawkEye
36de45886141a52528387c263e8cf8e4748a18b5198a9cefc1c1fb389e6eb663
HawkEye
70395c26a34c4981620d8e2b007703e23ea9b3267fd577c776930b8d47d3768b
HawkEye
89783698af3d7850d24aab49842448e97ea61977ceb7133d501057349d8cbffe
HawkEye
9f80f311d2f6a2ccaa0d4aa42ce625b6317a1785a9bb52bde2fa68f68fc7f68f
HawkEye
b27fd2cbe483e550851bc677136273b638ca49ac2bf58e64e51ca1db6763f387
HawkEye
dc7dcd0b09fa13bd6af193cac9a2b68892f0b51670b045a824806852f4205689
HawkEye
e30457394a1155cb80d2c51170f98be3c246f716010d8ee7441a4971c2b8103d
HawkEye
+ 622 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b9561f35b2fa188ed20de24bb67956e15858aeb67441fb31cbcfe84e1d4edc9a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments