MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 15


Intelligence 15 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239
SHA3-384 hash: a42c2745d7065eaadb3cd2c2c8ab16125a8db3e27264591436f5a4f5f685ab8c879e579c0e51a22389b87f92fa1580c2
SHA1 hash: db2e8e2745c0e761d24040d0e1424d096d68ae62
MD5 hash: 025d3fb5d3c515f94b5cea5eebd9f621
humanhash: cola-sweet-four-lamp
File name:SecuriteInfo.com.Win32.Malware-gen.94713115
Download: download sample
Signature HawkEye
Create hunting rule
File size:312'832 bytes
First seen:2025-09-17 06:31:20 UTC
Last seen:2025-09-17 07:18:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a50e815adb2cfe3e58d388c791946db8 (2 x njrat, 2 x DCRat, 1 x Lucifer)
ssdeep 6144:dV28oqsfVZK+DZmugNfmk9C4irMdaarfbbjqSHFfFaspzg1oS:dogF+lmugBm8C2aazjTJFLq1oS
TLSH T19B6423DF7B4FF9F2D4D495797DDD2C18A1208BA628C013F5EAD1237A8DA05448A0B16B
TrID 39.9% (.EXE) UPX compressed Win32 Executable (27066/9/6)
24.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.6% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe HawkEye

Intelligence

File Origin
# of uploads :
2
# of downloads :
339
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
BSysInfo.exe
Verdict:
Suspicious activity
Analysis date:
2025-09-16 22:57:50 UTC
Tags:
anti-evasion upx
Link:
https://app.any.run/tasks/e533e4d4-a4eb-43af-89e5-c131ae60e713

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/27835/
Detection(s):
SecuriteInfo.com.Win32.Malware-gen.94713115.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68c9eb6dd49ea3f1e4b6a576
Tags:
shell sage blic
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a file
Searching for synchronization primitives
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Creating a window
Using the Windows Management Instrumentation requests
Сreating synchronization primitives
Launching a process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed packed packed packer_detected upx
Link:
https://www.filescan.io/uploads/68ca55c9dbc6f5a29c4920b5/reports/e1e866e5-e9c5-4aba-943f-bb206e2446f0/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239
Verdict:
Clean
File Type:
exe x32
First seen:
2025-09-17T05:27:00Z UTC
Last seen:
2025-09-17T05:27:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239/results?tab=lookup
Malware family:
Sysinternals
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/4b9b5770-ee01-474f-a947-df80af47b6d6
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/025d3fb5d3c515f94b5cea5eebd9f621
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239/
Verdict:
Malicious
Threat:
Family.HAWKEYE
Link:
https://tip.neiki.dev/file/e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239
Threat name:
Win32.Trojan.Barys
Create hunting rule
Status:
Malicious
First seen:
2025-09-16 22:57:51 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ehww53fvr5gsnodh7fjdsqrtzyioljc4vmhq4nf5qotwsuy6i4q._file
Verdict:
malicious
Label(s):
unc_loader_048
Create hunting rule
Similar samples:
error
HawkEye
Result
Malware family:
hawkeye
Create hunting rule
Score:
  10/10
Tags:
family:hawkeye discovery keylogger spyware stealer trojan upx
Link:
https://tria.ge/reports/250917-hatb6atnw8/
Behaviour
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
UPX packed file
Checks computer location settings
Executes dropped EXE
HawkEye
Hawkeye family
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/85b25a86-14b6-4fd7-a575-aada7254d284
Unpacked files
SH256 hash:
e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239
MD5 hash:
025d3fb5d3c515f94b5cea5eebd9f621
SHA1 hash:
db2e8e2745c0e761d24040d0e1424d096d68ae62
Link:
https://www.unpac.me/results/d3e9016d-19c2-49f8-a526-62d061d08880/
SH256 hash:
6104219186e392b38dfe85a1fec9f8124e18864da7b8702395668730b97ad04c
MD5 hash:
6e07fdc84bd37971525400892cfba98d
SHA1 hash:
0f14b1601016ee30790a679d2ed125036131f54d
Link:
https://www.unpac.me/results/d3e9016d-19c2-49f8-a526-62d061d08880/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:UPX20030XMarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
Rule name:UPXv20MarkusLaszloReiser
Create hunting rule
Author:malware-lu
Rule name:upx_largefile
Create hunting rule
Author:k3nr9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HawkEye

Executable exe e10f6b7765ac7a6935c33fca91ca119e70872d22e5587871a5ec1d3b4a98f239

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3625407/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/27835/

Comments