MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffb4e1b5e6ac64c969e3f90351eb0d401146f266b6678dfbff611faaf15a311f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ffb4e1b5e6ac64c969e3f90351eb0d401146f266b6678dfbff611faaf15a311f
SHA1 hash: 7e3710407066bd7ae4f68e7638fe01c2e8c10ef1
MD5 hash: bac98b7b3aaf910103e7a97ea30c4913
File name: 2wOZ8cIwFVJSVb6.exe
Signature: HawkEye
File size: 793'088 bytes
First seen: 2020-05-23 12:18:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:H07I0DOrNV0j0D831JZR1c2r3dMJCetZCHKgNJmRU5j0YFSeBWKz4ZddSBSCkaWy:H0flDRf6JCa0HNjjLSEz86kad
TLSH: 88F4010176698D1FDEEC80F54585A39043B449B39582FBF99EDA71EA73C6FE30A06093
Reporter: @Jouliok
Tags: exe HawkEye

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 21
Origin country: GB
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
VirusTotal results: 45.83%

Yara Signatures


Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: MAL_HawkEye_Keylogger_Gen_Dec18
Author: Florian Roth
Description: Detects HawkEye Keylogger Reborn
Reference: https://twitter.com/James_inthe_box/status/1072116224652324870

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

HawkEye

Executable exe ffb4e1b5e6ac64c969e3f90351eb0d401146f266b6678dfbff611faaf15a311f (this sample)

Delivery method: Distributed via web download

Comments