MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e24a3fe957675ab9e6815582079bf483dd6f0b75e744b51d6f71d4fdcb301da0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


HawkEye


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e24a3fe957675ab9e6815582079bf483dd6f0b75e744b51d6f71d4fdcb301da0
SHA3-384 hash: 18c03964ed36e9d8c074e6a3e553b8a4b2dc95c72b17f221bee7963e6c60584bd19dcb571b189779da33b81267fe2404
SHA1 hash: ef593b1f240a8295140a17c23d1551663076de3f
MD5 hash: 0a17a1727169b70276ed4aa2c5ae92ad
humanhash: pasta-hawaii-sink-kilo
File name:File-RF0548125_pdf.exe
Download: download sample
Signature HawkEye
Create hunting rule
File size:550'948 bytes
First seen:2020-06-08 05:23:07 UTC
Last seen:2020-06-08 13:31:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fd8135b0036737f4378aeccc98fbd15a (9 x Loki, 9 x AgentTesla, 2 x HawkEye)
ssdeep 12288:8Ev8FVujUpVTWgThfJ614X5p/iYHI0Oq8M0oko8ZiFhDF8KSpTTj/XWYaC2IgIWx:8EEbuQ9WmD1HITPTnXKBPx
Threatray 2'278 similar samples on MalwareBazaar
TLSH 74C48E7AF2914833E153197D5D0B6778982FBE51292816822FE5CC4CAFF93893D3B186
Reporter jarumlus
Tags:HawkEye

Intelligence

File Origin
# of uploads :
3
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 00:07:13 UTC
File Type:
PE (Exe)
Extracted files:
259
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4jfd72kxm5nltzubkwbapg7uqpow6c3v45clkhlpohkp3szqdwqa._file
Verdict:
malicious
Label(s):
hawkeyekeylogger
Create hunting rule
Similar samples:
0776457840077a9b6ac113b23ebf60c224c3c7b4807c6698fdfe764531d285be
HawkEye
6480d0d4232a23159e754ab88769b21a48e8bc4a86fa84b99c2160b2bfb09244
HawkEye
7501745bfca00a30575e2ea4219b88ef3d4b19ff684deefce5c50d329f9bfc51
HawkEye
7c15dd07b223275e68dd8034583f12a73fc19f2d42abede56ed8d0dfdc92edc6
HawkEye
83f30281a5e505534920c9b752097032706f1856ea85e75c6af492c2e8c7dd32
HawkEye
898cc141ffb06332c3fd9d6bc233b7ebba9daa93ff7112ab66c103289cdb8ba1
HawkEye
9855128084d3f64cad749acea4eae6e76615e7bb2af406cfbc7a3e0c8932ab2c
HawkEye
c6e26d183274fdfc63535e49ede53c4e7894de05f0054341bb031598186f138c
HawkEye
d7b266bb9eacabd128560d80eea9195b42b227df16d460f1c0e13ed6575ca627
HawkEye
e6628501ee0344c1e6c7adc92944f5ddc7c784c1ac6278bdd7b66164b01707d3
HawkEye
+ 2'268 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware upx
Link:
https://tria.ge/reports/201109-1kdm7fa45a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads user/profile data of web browsers
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

HawkEye

zip 1507d7d0d8206c0736d7994fc3bab57ca5f1d1d76495821a96e086cfc7e65420

HawkEye

Executable exe e24a3fe957675ab9e6815582079bf483dd6f0b75e744b51d6f71d4fdcb301da0

(this sample)

  
Dropped by
MD5 f15b026a11259cbab0bc735483c4229d
  
Dropped by
SHA256 1507d7d0d8206c0736d7994fc3bab57ca5f1d1d76495821a96e086cfc7e65420
  
Delivery method
Distributed via e-mail attachment

Comments