MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2dc1174c060668495a3835ca8af6c2c49c8539163c6913dce2f34b5f7e987c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f2dc1174c060668495a3835ca8af6c2c49c8539163c6913dce2f34b5f7e987c1
SHA1 hash: 6a530b42aa9948620c08e41f4ecc95e5f97844e0
MD5 hash: ed0bde32aec725b166afb3510ebc730c
File name: zicccc.exe
Signature: HawkEye
File size: 692'736 bytes
First seen: 2020-05-23 12:19:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:UO2jyvgjyiKV4XDHuFStppLI8V8+vt5YtNJB5lZpPmlKBQvYY93Kd998yhAAYWXg:UOG+BCDHOSLyO87BbZpP2KBQp1MnAAYt
TLSH: 2CE4011530589AD7C2E844FE44C2E28447F06D775AA1FBCE4CCA70DAB6C3BD18A16E97
Reporter: @Jouliok
Tags: exe, HawkEye

Intelligence


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 1
# of downloads: 33
Origin country: GB
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
VirusTotal: Virustotal results 56.94%

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_HawkEye_Keylogger_Gen_Dec18
Author: Florian Roth
Description: Detects HawkEye Keylogger Reborn
Reference: https://twitter.com/James_inthe_box/status/1072116224652324870

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
HawkEye
Executable exe f2dc1174c060668495a3835ca8af6c2c49c8539163c6913dce2f34b5f7e987c1 (this sample)

Delivery method: Distributed via web download

Comments