hawkeye | dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617 | Triage

Submit
Reports

Overview

overview

Static

static

dda389463f...17.exe

windows7-x64

dda389463f...17.exe

windows10-2004-x64

1

Sharing

General

Target

dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617
Size

125KB
Sample

221205-d85qmagd3x
MD5

e21a97e24764f966e63ef8aaa40c3187
SHA1

9248e675dfcc45beae7eff04db8fb1c55ad4b456
SHA256

dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617
SHA512

f9b3e6e1629a3e744e68d1693a5118fd6372d7a42485b9addafdb3b5737ecd145049ab8f07edb36c837ca48450e58122a20e3a1d37b63f416f0868081281a786
SSDEEP

3072:PGffby9J6xjifDpYYgr3B82Z7UD5gbQjicQRVO7:OHbypryF82Z7kgbQQo

Score

10^/10

hawkeye xtremerat keylogger persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617.exe

Resource

win7-20220901-en

hawkeye xtremerat keylogger persistence rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617
- Size
  
  125KB
- MD5
  
  e21a97e24764f966e63ef8aaa40c3187
- SHA1
  
  9248e675dfcc45beae7eff04db8fb1c55ad4b456
- SHA256
  
  dda389463f20a2133611fcb4a5070567bd66c7fed4f4fbb6fca9519c04c08617
- SHA512
  
  f9b3e6e1629a3e744e68d1693a5118fd6372d7a42485b9addafdb3b5737ecd145049ab8f07edb36c837ca48450e58122a20e3a1d37b63f416f0868081281a786
- SSDEEP
  
  3072:PGffby9J6xjifDpYYgr3B82Z7UD5gbQjicQRVO7:OHbypryF82Z7kgbQQo
Score

10^/10

hawkeye xtremerat keylogger persistence rat spyware stealer trojan
- Detect XtremeRAT payload
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hawkeyextremeratkeyloggerpersistenceratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy