MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0883623a6db9909336be5b36824353331c769b7bf176f9b76f4dc1ad3c66b8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 8


Intelligence 8 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0883623a6db9909336be5b36824353331c769b7bf176f9b76f4dc1ad3c66b8c
SHA3-384 hash: 8fe161229318fcee8f2c8c1340e27431eb9201a385f84ec1fddfc8ade3744f93efb480d96e99137d9bb8b585c27d7019
SHA1 hash: 178d1aaddfd4a784fe43a9f31f583b506fc99258
MD5 hash: dadb5b0bafcd6cc6aa9dce2787fb3333
humanhash: pizza-fillet-lactose-queen
File name:c0883623a6db9909336be5b36824353331c769b7bf176f9b76f4dc1ad3c66b8c
Download: download sample
Signature HawkEye
Create hunting rule
File size:1'208'320 bytes
First seen:2020-11-14 18:29:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 252cfd8922d6fe4778b93cd5e22bb630 (3 x HawkEye)
ssdeep 24576:/qw+OWj0jqihst0reonN/lkv2O9oefZYENqYjiE:/qwFWj0jNU0reonNNqZ1m
Threatray 394 similar samples on MalwareBazaar
TLSH 4145025EEA14A6EDE09318BF102955F613FBBCAB6042FFD37913B2650432486B66CF41
Reporter seifreed
Tags:HawkEye

Intelligence

File Origin
# of uploads :
1
# of downloads :
293
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Genkryptik-7115908-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
HawkEye MailPassView
Create hunting rule
Detection:
malicious
Classification:
phis.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/535063
Signature
.NET source code references suspicious native API functions
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Changes the view of files in windows explorer (hidden files and folders)
Detected HawkEye Rat
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Sample uses process hollowing technique
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Writes to foreign memory regions
Yara detected Generic Dropper
Yara detected HawkEye Keylogger
Yara detected MailPassView
Yara detected WebBrowserPassView password recovery tool
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c0883623a6db9909336be5b36824353331c769b7bf176f9b76f4dc1ad3c66b8c/
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2020-11-14 18:35:03 UTC
AV detection:
26 of 28 (92.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ycedmi5g3omqsm3l4wzwqjbvgmy4o2nxx4lw7g3w6tobvu6gnoga._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
06252fa9991f022f9c0ea65dd4799d71179cdc14692c16a754a14a3fc34304a1
HawkEye
1ab199282785da53b5d473ab89af264ae67dda695946890c76a8266a7d80352c
HawkEye
1d9d111f29910cc58f11b12919aa47d952a8dc6487f72d1b97fa7d38c36d5635
HawkEye
51987a10ca5f5fbb1a0c7c9bef9a657471a7757b42a79d19e3a5aacc284593e4
HawkEye
555028b1ee606e6d75d849940ceb77d3205fa196cf414370facdbce575f99d85
HawkEye
8a963855d2bde20c811dd80f6403b2a40779094bcd0d4dee0315b1e928fe5ef2
HawkEye
94995306b58be1ec116390b1bf6d5dd5bd6ea136d9e5f9c622b8b34dcb0b4aa4
HawkEye
ada7c1996458ea06c687cf34bb1adae592deca7c6c7f61b471bc99c1773088eb
HawkEye
e7aae7cdd1b37bd9ac7028c8a127da4004ae83fe962291445cfd3b53dccfc070
HawkEye
f3eddaec4219ad7d3565593b9f3b28f4196b38d3c739a389683983add08ce48a
HawkEye
+ 384 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201114-2z4segewz2/
Behaviour
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
c0883623a6db9909336be5b36824353331c769b7bf176f9b76f4dc1ad3c66b8c
MD5 hash:
dadb5b0bafcd6cc6aa9dce2787fb3333
SHA1 hash:
178d1aaddfd4a784fe43a9f31f583b506fc99258
Link:
https://www.unpac.me/results/5c16bb2d-77dd-4464-94d5-fdc4fe5e0d88/
SH256 hash:
10f703168cc43f60bfd54c69242d3db63d2d60e1114de74956a2439b8a8b3ed0
MD5 hash:
3f5aca02abb16dbf86748596e4fa0258
SHA1 hash:
1588bfd4e090d3d194879899c02dcc207d5ca257
Link:
https://www.unpac.me/results/5c16bb2d-77dd-4464-94d5-fdc4fe5e0d88/
Parent samples :
f0e2be29b4f60291bb5e95eb8e23794502c74d7daff6754762ba486cf92f4c4f
4c312e3cce557ee17db0299bcc112699e616fb162afdadf12a41815a4a314b5c
50652d32574ff07ff24c14eacf1170e224d60c19dbd2752672bd2a90901a6667
4e08d3d7a3ecb630ccf016f97a79aab7f44b255484737d574599c25acf0952b2
43e66c483be9cbb9f35ce7f57bf255925abd25a8fc40b80d79bf0cd2a3f54af9
647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712
ba02abc98927e0f1cf76a734d5ed290155ac8ab3a2a0f8b665a8a3d459adb805
1f998c6032159b469178389d2cc6debf14c810bd11b3be86a374ee7608d11cac
7a30f11aee32cb6b96651c34349d1d290413c01e3c48e056bc833ca97856730c
b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4
5e0fca97a0d1f7abf543f5f9028681148de67780c584dc59c4163fefcbcca07f
aca540b3ad20e1fd49ec550107eff0c164990de1067a9542daf615465f82c331
db3d98c97cfb274f58de6efc1739357371bcb8d006e02ff2857ef8d3605a9c06
91107f4a383ddb76d6fd153077d57c528551ace7385fb10db1bb3e46c3603b62
a9da341d9091c55b477f05cab496d006a58fec6e80eb9e8e86f6bff3d2c3b371
SH256 hash:
4f6f22b1e21fcb1b48bb34c2f430246d873c7f211a03f3e83d24a560d0ff1a37
MD5 hash:
0f9bdd25ddc56c88d02fd317d2bbfd61
SHA1 hash:
63128255a92b7b86e57c7d20deae7754dc28e50c
Detections:
win_hawkeye_keylogger_auto
Create hunting rule
Link:
https://www.unpac.me/results/5c16bb2d-77dd-4464-94d5-fdc4fe5e0d88/
Parent samples :
4c4263662c38d04fe144ffeb889434b964dad9c76862718fc851f4d218f84e6b
e225ad50e5c53a73ae6020a83124d6556dd5bdf7ad3d21449169effbed26d2bb
4e637d411a2b8e4c1195d87a4e0b28cf3c8519cbd1e64c1b4b8cc05f6aa31d9e
a5d15462095a7f777fdde180102962b84cda21f0312f7efbc0bfe67c9c7775bb
21359248fdd77b3fb66b1910399bbf0f3433e47cd97bc8a6244716e34280c877
6c079c4f5a7a118e8047d2d81d204a4986353adbcc8f129320e6895a4502601f
742df88a1a378e32ee39558cca89f9b9df3f865c2ba33635e9e260fbe1377f1f
8e4ceb651508d097ba20fbb82af157ea25bc12e32caaf7d02247646e4e3c0629
6dcb0d54ba218f62d9f2abea5016a869598bc984e5c03bfc63adac085456a571
25373c7ff4e7a9756a4f17b2459e1fe85b703f4192485ae8222e095f5c08c294
29a9dba7f6eec11df813a5e624bf3d6bda29ac832191df69a6253ad5f3db924c
5bca9dcc5cad6329944f72114d7273103b7b9157fb640de07b05af598a5191fe
9e45f4bd47d0e7aa3bbf2d17de85b2beeb7ce6f846b8c607537ffe0cd41bd3d3
d34bf3220c17f2188a05d855c4e5f0501ebe86407daceaa9879ef3bcefc97b12
dffa4b4cf6fc7f869229acf3c1f5b1cce1f9b29913f1cc19ae47a4aeff580c49
3437d274a51cf6848efb90c098c6593745aa40c04810541b0fff6260f41c847d
cf6b835ca95ac8b4870ffb43a8c32bb468ab28926052e42a69efb780a49b0a4c
d00eeff5769a8f90fa67c50ae08812bf5dc3295f48d86137ac78cc2440fd8c77
4fe4d7a3fd390de38c6d5dde2355dedc43a16bdc2075b2775a15f6a05e111945
e2f499f357808113df3022a5506660f6fd658b4447c6f708a67fa67288badaa1
664fc60c57caf8b106386e657f48991b8d77921c233c2135d1796def851524dd
1e12aa307b7de55683eaf19ccee90d5dfdbe6332da9c5ddfa6996489a66890fc
8b6276e4263b27f8fb2d4cb0e0e98e2ee9b076a7d11e700c89e5a042f4643240
8b7eb0e9390db8f7e044bf08767f36ccdbe66c810a8bdb08023a111adf91a25e
bbb545e534404b4c4dd0814cd16d39a52ffcbfa61de786fb0242ffca2c57dbbe
8b79bf9d1963d88c16b9dc7c23a8c4f01ee1da072cc3ad7e8a25f8bfd12faf50
0bf60dcdf432af776889291fc62d5f1ad3badf26b482463fe88e37edcbd85140
8b67ade365a1f3cad91633019ec953413c81a086c6521ff1b456e54415f5b215
0ad35ca11654890c634590432913c39bb705bea62883bab3947ea44b73dd1ef8
42809102d3daf99ec6e76ce46286252650bac81c4fa099d365f42646c86173fb
360b4186f8359ad7db7f3183a454bdb954156220a8f9a5a0fa2c955ce9f4cfe7
55e3cabe17b191248b55897951f6d0666151f1bd159939c51b6e233d1c9b7583
746ef8851d618b64658a6c10e082baba1e52d1c7d98f493888c9eadea8b7a0b4
5919a425be2053d45f58c81965525f61acf00be785cfb691a7d81b9b7fbb0df7
98de22167c236dd4996aa1e08a0359335b91330f1ddbbce32a2761ecc62c5b7c
06926dfe16ef5c885d72b9b9824e861f264108331ddecce320d2c1bb10294b5e
efe2ce70cee5e8d9b4aed311ddd1716535e98fa6c1fa67d67d54bd97beb70a7a
67d57f842b1c8a60c0acee47d2332a3550a51a88d4a17734542d3dc70364da8b
c3f09f4881fe891b4e773044684278c1ec3f1ed7894429ec64b367bc88e63f52
d39aa812f11b40175a566e3311f8c0850dc16f6a996e129b3bfc04dcbd4ba0d9
6f54535a2bf34c32c2adb107d45425b78ce7baad19789d72d2fd0398f0c798db
392df4609faf364e7611f09d264dc6d3c2a09ad3646d9991aa393a21ed4fb62f
edd918de1d207f2a922943b7d437e677109e71dd8bc2c326740cbe4d1fad36de
65f05691e7709645038d990c70b62fa29cab325c3efb01318a5e2e9c97f973dd
e9fcab6dd83ee8d52d0c26b72c5d7492261fd25e747501deb6e42a86155fc86d
c82f900ddddb39e815854cac0b1547e6755f927567914ebc02042108c1eda1e3
9c5dfb2eec88345d2f3c70094107e156798d5094265d0ce1d82add5edb955e76
40555b0914b99c9e150e1bf415f051cccefde624c6677c6e4cd58a74ebd83512
7e84fc0e1106f3d44973a74caf8b8f085473014f5309c654163963ad4218f24c
06252fa9991f022f9c0ea65dd4799d71179cdc14692c16a754a14a3fc34304a1
aab44884155d82d88bfdd0892414e1829f723a2512332ac99eb2e5ad168ef8cb
96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854
de7ccb42441ac5d9de3a69d0341ed8d1ddcdbbfdef7c0f248fc0ecba208dcd57
f59f15bba5a4fe8df9441253eda4e8f85f411bdbe492d9f39f23bbf7969bacd3
0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8
7297affe06d6f843e71152ada6b71cda08574fbaa99fd1a7ed1677ef9063af51
5085b0ca2f92b564192b4e5161917e146f72bdbb475718b51221aeb66fde89f0
0988d21e5049b9e4f69e3419a7632680b2277eccdb68b95d7a7d63baf2ab7043
5df16511cfa1a09aa8ee25f478d1211c8ba4612520488f8ec07826d30927df05
d7cb36fcee26269eff4699a98d35dd74321ba6e5b1071e9b43a1f60737662a84
4c4588a8a5ccf13808a0c99a9882dd7221eb80640348f79f074f964642ddc5fb
db761ccd842c1538233f685f57dae831da1cb09187eb7fbb1c962f769142ccad
5756a30d832082dc1a3eebf4b5dc74d0ee354a5818b8a99b057f50af588207f9
92b99ed44d549a10ca6d3ee8847be980fecfddac1334974bb2cf51aaeba73e59
a1e38a7f945fc6200b066725d780f3bd471b57202d1caf175a9185aefaa9db36
7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f
8a963855d2bde20c811dd80f6403b2a40779094bcd0d4dee0315b1e928fe5ef2
93ba794d9cbe2ac237b44cdee21ef3df8f4d4624bd7ea9eb7ba829e645f94525
9f176d02e8b82e189b13f8c947e59973efb2115639f7e21187fe7e419d01c9c2
20485e51c68bc57a9bbb2dff973ea7eecd96cf6e74272aa9f92a27c3259d7620
5b5c40a87df0ef2e2bf553025033885176bb0e016fb1f9661d8131be6b46764a
3047aab5235fc377107a2106863cc379cfce34446c34de688ff84774f59b3de9
03914decc80385200cdb9ef59dbeed907aa6a02641e3cc3e75d4d314436cc451
e5c3dfaff91dff6288a74933d6153f6ce498970a06016168840da65290765fa7
4aa2ba898c0c924d352ab195b280922a85b97970a6fa03183b6a717c547c9173
e7aae7cdd1b37bd9ac7028c8a127da4004ae83fe962291445cfd3b53dccfc070
78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164
a68aaf370bd46ec00abef5b522d5c6faf6c1beff6a3af3098e4a6dd1e25fce05
6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b
05b31320ce0468280428878330ff35d4a1d96460b6f10c3032fd4cc794b1e9b6
47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1
37e764aee783ccadfde4fc15bdada66d96686c262f903e66133a09ba9a01324c
233f1b763369bcb5b0033a38bead6623168e017eb89da62ac58801606a76d452
9a307ff705e2a745e18ada695dc558e509d6237cde4ddaadd9014790faa8c4ab
fbaa1f1039d717190116a36e1daef36aa5f725313f508b035e5b736ba1120bfb
1532c731a4a27f84217899e49abaf03a3913765074700b7f896f246715a64cb6
425d2457bb19e7898d0f5067ceb9039ec8cc0a5b7e36faa18a5dbb86c20009f8
c0883623a6db9909336be5b36824353331c769b7bf176f9b76f4dc1ad3c66b8c
477f84cdd4b8600dbad0767d9dada2b6565decb5a8b4fc369f72df0b1fcbe24d
cb18cfe352ecd835711e03fe2636b3964430c8ba8cf13f8056b0ffa1f859abae
1f7bf2479afee06220c111e8f642334cd4659ca96a2c3a523401e5362ac59b84
b3c9b5b8a656b9ec4944a2ed3bfdfdb8460ec8a49d6c3e1d0b60bd3d8b757d3f
c38fcd03c34336492b502735c0704bd4685d33ab29a69358e26ed201254ea63a
cde560b79a71056438ff4bb8e8b754827716ec32daf1c53b4806557007364820
74ac4df1995949478b501f04444e4c09317ded110149f066c8b9c71d2580b004
6351df97ad5c397ca6f90b7344b534dd95ad10e3945dce4766c52615af96ba86
f48fc03a6774a235d15b347b14891185d50d45726f4cc84b838e3d16add5c0d0
772a1b14d54449948ca15842a7a8eb4ac5d17df3b9a93dcb4c7f3bb1b46c238d
ec021f264e15c9d1c6cf8a5b12325f76d3218abc56927abd63180c3067d24938
a5f89bf45654ac63687261625084d06c1cbba805613db5bab2ee0cbfbadd38b6
c70ca05804ee008cee5701160eb0753d913164ef4bb85aac6ba5cd08c88ba41d
5d03fd083b626a5516194d5e94576349100c9c98ca7d6845642ed9579980ca58
eea5bbf97d1865846716e179ccd5cd9c3f31b2244cf537ff7cba9f1903717ed1
7907686d20104808021d5d4130039fed4fc7946ebc48d6e554bfcf01e69edfae
3f9a47d545d4cf2d428c713f2cc96bc53236ea11b79b1c9a8daabbf0c944cf9c
10239fd8380cf3ef7a0d7345af72e6921d92338fc383a5335f333dbff5aba4ad
04f6177bee237fe8f49353b9455c7367d6ab4d9e14a4139c9fccd7e4d349ce82
ab3c113121c1fdfde39a4ce53d6f38490f6393d847d14e727aa5260594e88c79
9f9592b365cc2cad5047e0392aa4dc778d1b48e2e6f25856966aa6a11b814d2a
34cd90cef8792f1d4ed2140616cacb29921edb73cbe2cd4a0634451eab9850dc
bf487ff7cdbbd998b633b1858a939d8c808bcce65ab9937695475b39deea70a8
286b416351f4ca6cc215c58692af9be6b9f4eb54c4641160e2a31dfd16c43ec7
edafe7e62738e180cb882d93f37d2d306627aef482d6f7a7a06c69198c61cd58
d30629a1a9aad3b8bc1e3827ab767473089214fd801b556f9ed3430f39bacbdd
28158cd7c05b6c1959a8cc3c2def840d34674ef21b925d5e9f04670ddf45226a
702554b4a0770d70bd5972318d2294ef2b26001595b574d122264b8c1793457c
3e48d983e3315501931c646f896a8189637f5b9d21c453b051cd17f2584ee3c4
a6fc5cc4331ee5a9bee82b3fde7bdbce1c1dc5a89c8860b682c948f4b9acc9cd
4dd89aea31cfb64c8fa6b542c9ad002e4041ef5249f2072947df749e00e7fd9e
bc58f1f37527b2256089b3fedbf5044ad396b267a762ca7e7f6fa7c81f76259b
0b1fbc81d9d9e685307e80d20afe4b01c6538b903b77136b0d1db2486fe8c6e8
09969e8d7af6e0c3ef34c344fe378dd23b6f93abcda793c052e36d1777c35ce7
ef715cd322f0a805a68840b215c062f2e254977170a11c6800d836eac781fabb
6f8bb9d51ef192747d5393e13349bb03f272f5a947de849835709502ef09ef68
6f2af9503a84bf2c99e0bbf735b953a7551f7ff78f87c9ad84e8aff091f2ae10
9c3da492d0b98fec833d5217e46cee71fd67cf4d0bae48267cc4007095f096d2
92dfecd6af8585dbad00f24630a77fe40ca5ff91d35c29f946fc8d28d22aaa25
6bad2fb94eb774403450fc90c697e457c2d260eb0b20a96f15ee82cef6f74d86
1726922fcc3877d8fe65c9e1a0fca61ca286b7d424397b3c4e4fb1ddbcee9c64
fd95b0eb1d2a5650592de694cda956d9dcf0b1c3312fcb3273571f858762ae15
28e28025060f1bafd4eb96c7477cab73497ca2144b52e664b254c616607d94cd
c1cd0692836798f5cb7e9335f4547a2650b77cf456193cbe7e384906a20c0603
f874a58fa2ede6f9ed3fecb71259c1190e2d8c47d71b05e30e66bd727233551a
b139dd73d811c0d20602ebd74f962724d2c9e31958bdea9326473bf4bbd746b9
ed133e3bc6f781c4a981f93c180e38c70572ad80e48c12294585767e583b9d0f
08187be5bb78da6c7751c5d870d46e43e6b4204db6abf2cc2d80e9830fd136ba
8fdbfbf55033187c6a4d3cd7d42394cd56cbd3b5a9dc905e72aef2886172be36
06550442678fb92b0273b83f349d47d3654fb72a7d98398ce3b63e3635b8e8f1
4f387257ba2721c27465800f9db3e513ded059ce28b68d593de0f459dfcf95a7
67a070a61c8d94294f7b4eb0b4d7978a8b3dd8b5f72f63ad84aa116f95cfa996
5733ad0577f5b8fc7e939b1daff3ff98b339bb47542a138b659e47b9001fbbd2
57754827b4e179d20088be1aa0fec9d1f8e3a872e81103b2c7264f80a0a86b36
4e20a72f2791a602f8ee9999765a9365729ff929da4d5fa6be7bfb4c20e9989e
f97f876b529e2569d80b1190a249088582117b29aef9af9d8a0e992c2df2db2d
1e35254abf2093f39899b09689d0a17d1bf70829dbae10356a2596eceb85c4c4
712e38d6f7ec0cb09be6fea727a3748b2de1c7c8286b33bb227f68dca34b6073
81028be28fd46cc36b813c14d3c3ee9382762dc479d21bba497d6f80d23eac30
ebfd002f9e74038ae2c3c48cee010a2b9a050e6cd2f8c5a62980df68192367ae
5d5656bf50bf4d14a6b4129c7f3dfd9f446b98df3edeaf2d9036a77d49f52349
beb927e2c2c93bd7af86e0290f6f30a66586275af924cd4f617f87003ab33743
92eeea68a958e1a8e597abb4a3dd6047241b66324f16d30a9840699bbaf2d62c
5975ea85d339a31e8d9b5b1eced0d699c1d59d980896f1332d1e08497f005e21
87ff9d9612267c284b867bd9d4a85224d3bf1c4d8070b3eb6541ef7c6b62c3ad
f0e2be29b4f60291bb5e95eb8e23794502c74d7daff6754762ba486cf92f4c4f
4c312e3cce557ee17db0299bcc112699e616fb162afdadf12a41815a4a314b5c
50652d32574ff07ff24c14eacf1170e224d60c19dbd2752672bd2a90901a6667
4e08d3d7a3ecb630ccf016f97a79aab7f44b255484737d574599c25acf0952b2
43e66c483be9cbb9f35ce7f57bf255925abd25a8fc40b80d79bf0cd2a3f54af9
647816ec76f04594da29576e94eb3febd405dd027379bc558b20babe65b11712
ba02abc98927e0f1cf76a734d5ed290155ac8ab3a2a0f8b665a8a3d459adb805
1f998c6032159b469178389d2cc6debf14c810bd11b3be86a374ee7608d11cac
7a30f11aee32cb6b96651c34349d1d290413c01e3c48e056bc833ca97856730c
b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4
5e0fca97a0d1f7abf543f5f9028681148de67780c584dc59c4163fefcbcca07f
aca540b3ad20e1fd49ec550107eff0c164990de1067a9542daf615465f82c331
db3d98c97cfb274f58de6efc1739357371bcb8d006e02ff2857ef8d3605a9c06
91107f4a383ddb76d6fd153077d57c528551ace7385fb10db1bb3e46c3603b62
a9da341d9091c55b477f05cab496d006a58fec6e80eb9e8e86f6bff3d2c3b371
SH256 hash:
9f2d8507d23e9dfea8317f366ae968063e332c93635d1f6d1c75a6d7e5552f52
MD5 hash:
50ee178f951ab99681606ddc324f447e
SHA1 hash:
9134d7233daffdf68a0e148c50208027f7537b0d
Link:
https://www.unpac.me/results/5c16bb2d-77dd-4464-94d5-fdc4fe5e0d88/
Parent samples :
b8025d9ec1c56eef774e90a448c30efbeea547ff60cee57169680d832b76b7f4
5e0fca97a0d1f7abf543f5f9028681148de67780c584dc59c4163fefcbcca07f
aca540b3ad20e1fd49ec550107eff0c164990de1067a9542daf615465f82c331
db3d98c97cfb274f58de6efc1739357371bcb8d006e02ff2857ef8d3605a9c06
91107f4a383ddb76d6fd153077d57c528551ace7385fb10db1bb3e46c3603b62
a9da341d9091c55b477f05cab496d006a58fec6e80eb9e8e86f6bff3d2c3b371
SH256 hash:
e7d88c2cf35c584f15334c2c16c96ea4eb0ea75fe4cd6d205f784b1e5e0f2bc6
MD5 hash:
aefb1aa4b33fcf72bdc10585ed4e6db4
SHA1 hash:
bc0a8607d8712156e3f2dc18e5629c28734f0598
Link:
https://www.unpac.me/results/5c16bb2d-77dd-4464-94d5-fdc4fe5e0d88/
SH256 hash:
c75f0b4a1c4e0b4397be81c37cea1bcf26929a73c42e108b6e721bdb0c8cef8b
MD5 hash:
547bed757bd9d1e469a98a8f84060774
SHA1 hash:
d94733ee66ee3b07e3781fc2d18a980cb4fd8cfc
Detections:
win_hawkeye_keylogger_w0
Create hunting rule
win_hawkeye_keylogger_g0
Create hunting rule
win_hawkeye_keylogger_auto
Create hunting rule
Link:
https://www.unpac.me/results/5c16bb2d-77dd-4464-94d5-fdc4fe5e0d88/
SH256 hash:
51add52b71149e12839d69d0bfc973321fffd7188ee6309929069882f638a8fe
MD5 hash:
91e96f05a4af9cd8b18e75ecc27daf4e
SHA1 hash:
fcbf32bcf423f7516d93a67d015884c37779cb00
Detections:
win_hawkeye_keylogger_w0
Create hunting rule
win_hawkeye_keylogger_g0
Create hunting rule
win_hawkeye_keylogger_auto
Create hunting rule
Link:
https://www.unpac.me/results/5c16bb2d-77dd-4464-94d5-fdc4fe5e0d88/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c0883623a6db9909336be5b36824353331c769b7bf176f9b76f4dc1ad3c66b8c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Email_stealer_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Email in files like avemaria
Rule name:Hawkeye
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect HawkEye in memory
Reference:internal research
Rule name:Keylog_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Contains Keylog
Rule name:RAT_HawkEye
Create hunting rule
Author:Kevin Breen <kevin@techanarchy.net>
Description:Detects HawkEye RAT
Reference:http://malwareconfig.com/stats/HawkEye
Rule name:Stealer_word_in_memory
Create hunting rule
Author:James_inthe_box
Description:The actual word stealer in memory
Rule name:win_hawkeye_keylogger_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_hawkeye_keylogger_w0
Create hunting rule
Author: Kevin Breen <kevin@techanarchy.net>
Rule name:with_sqlite
Create hunting rule
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments