MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf15b6d8ed1637598fd2d08ae5f619a4c08c6b03372fddfa8f68f6380e735083. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: bf15b6d8ed1637598fd2d08ae5f619a4c08c6b03372fddfa8f68f6380e735083
SHA1 hash: 56bd71035c7ac530081773edf2c7e4f98ad0f227
MD5 hash: 9ff3b86a70dcb453a7d311898bfff318
File name: 5qkyCFBk6g6Malg.exe
Signature: HawkEye
File size: 737'792 bytes
First seen: 2020-05-23 12:18:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:F5sXT278e5BFiH7pIaZthaQ7ImYVBGTTBmDboycdzS07mDyG5S8gy28bf3N2ZN5t:F5slHdIaZ3aQImYVcQP9ez7qDyWgUwZ5
TLSH: 17F40110B6689E0BC7E840F540D6F2C147B95AF71692F7CA4CC675EB35C3BE28A1618B
Reporter: @Jouliok
Tags: exe, HawkEye

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 21
Origin country: GB
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
VirusTotal: VirusTotal results 45.21%

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_HawkEye_Keylogger_Gen_Dec18
Author: Florian Roth
Description: Detects HawkEye Keylogger Reborn
Reference: https://twitter.com/James_inthe_box/status/1072116224652324870

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HawkEye

Executable exe bf15b6d8ed1637598fd2d08ae5f619a4c08c6b03372fddfa8f68f6380e735083 (this sample)

Delivery method: Distributed via web download

Comments