MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7b266bb9eacabd128560d80eea9195b42b227df16d460f1c0e13ed6575ca627. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

HawkEye

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	d7b266bb9eacabd128560d80eea9195b42b227df16d460f1c0e13ed6575ca627
SHA3-384 hash:	d29bca209f8a9a0a22fc8f16a55a682e1f6856a3bf7ab86d00c8e2c299243c941e81df6aa2b18de11210825fffaa3183
SHA1 hash:	4e44bee905fe833de0ce4512a6567fa60056ff57
MD5 hash:	771fdb05e504009e17766a89e1745d3e
humanhash:	virginia-winner-hawaii-fifteen
File name:	REQUEST FOR QUOTATION GLC-2020-E025-xlsx.exe
Download:	download sample
Signature	HawkEye Create hunting rule
File size:	795'684 bytes
First seen:	2020-06-25 05:46:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a29f4efb911c4906418600fd25679688 (11 x Loki, 10 x AgentTesla, 2 x HawkEye)
ssdeep	12288:E16DRdrkQMFHVsMlrsy/bz5JF4WHC1PgI9vFcnQdTZByM9SVZLkm0bJ3YEO:i69dI9Dl7bPF4sm9dNdNByMEfAm09e
Threatray	1'998 similar samples on MalwareBazaar
TLSH	23058EA2E2A147F3C172193B7C6B52F55429BE0CAD28A9462BE4DDCC8F3F54134352A7
Reporter	jarumlus
Tags:	HawkEye

Intelligence

File Origin

# of uploads :

1

# of downloads :

89

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/13916/

Detection(s):

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

PUA.Win.Adware.Webalta-6862190-0

SecuriteInfo.com.Win32.Herz.B.10803.7096.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending a custom TCP request

Creating a file in the %temp% directory

Using the Windows Management Instrumentation requests

Reading critical registry keys

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d7b266bb9eacabd128560d80eea9195b42b227df16d460f1c0e13ed6575ca627/

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=26zgno46vsv5ckcwbwao5kizlnblej67c3kgb4oa4e7nmv24uytq._file

Verdict:

malicious

Label(s):

hawkeyekeylogger

Result

Malware family:

n/a

Score:

8/10

Tags:

persistence spyware

Link:

https://tria.ge/reports/200625-k2qbk54pke/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetThreadContext

Adds Run entry to start application

Reads user/profile data of web browsers

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 1607fafd0086a13c39c7296265e41ca94651923301f43417cd00e4fb23b9d892

exe d7b266bb9eacabd128560d80eea9195b42b227df16d460f1c0e13ed6575ca627

(this sample)

Dropped by

MD5 a8e9bc96dee85a55e2c114ea986dc166

Dropped by

SHA256 1607fafd0086a13c39c7296265e41ca94651923301f43417cd00e4fb23b9d892

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/13916/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample