MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d12d7f07071e59df09d70cae377fc3e41b35a098d5096f7437ce17b59f74fd64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d12d7f07071e59df09d70cae377fc3e41b35a098d5096f7437ce17b59f74fd64
SHA1 hash: 18718e0fd966924e4654788e8b22186dce2bd079
MD5 hash: 8a287330446d34cbeec48f2cb3237ee1
File name: SecuriteInfo.com.Trojan.GenericKDZ.67282.9675.13398
Signature: HawkEye
File size: 676'352 bytes
First seen: 2020-05-22 22:40:34 UTC
Last seen: 2020-05-23 12:19:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:V238s4TOBu3RK0TVxEMp9hk+Mw6vohF/8QVAhoTy+X1NSbkZHYSpayvaD35Tc:M4KE3pxEMp9hk+HguR1
TLSH: 88E4AE6C3154319FC5CFC271ABD55C2EBA606837631BAF5A4893039E9A0D583EE501BF
Reporter: @SecuriteInfoCom
Tags: HawkEye

Intelligence


Mail intelligence: No data
# of uploads: 3
# of downloads: 23
Origin country: US
ClamAV: SecuriteInfo.com.Trojan.GenericKDZ.67282.9675.13398.UNOFFICIAL
VirusTotal: VirusTotal results 41.10%
ReversingLabs: No data

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_HawkEye_Keylogger_Gen_Dec18
Author: Florian Roth
Description: Detects HawkEye Keylogger Reborn
Reference: https://twitter.com/James_inthe_box/status/1072116224652324870

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HawkEye

Executable exe d12d7f07071e59df09d70cae377fc3e41b35a098d5096f7437ce17b59f74fd64 (this sample)

Delivery method: Distributed via web download

Comments