General
-
Target
8f9cd57db574bc54883668459c530ee81a0e748fd4778b07009e5bda3f5f6176
-
Size
488KB
-
Sample
221206-adk6ysad56
-
MD5
32119bc05a71df1acbcd331912e81343
-
SHA1
285d81aa2c4196aa41184c0cc791fd5b7aab3d91
-
SHA256
8f9cd57db574bc54883668459c530ee81a0e748fd4778b07009e5bda3f5f6176
-
SHA512
0a98ab9f2748e12c2fda307d5df101917dc6292434739989dec96cc1b2177056ef468941509763018218c675117c4f541b624d1a5a97977f03e53658e0eb1aa4
-
SSDEEP
6144:fiQ+CGTCCkfVHKPikyX862ZAMB6gjaUVQJqtHnnW6H0TeXp5PfiioJwm26N8j6uM:fiQ+Chdy6gugQ+HW6hpxvoJwr1KaJbt
Malware Config
Targets
-
-
Target
8f9cd57db574bc54883668459c530ee81a0e748fd4778b07009e5bda3f5f6176
-
Size
488KB
-
MD5
32119bc05a71df1acbcd331912e81343
-
SHA1
285d81aa2c4196aa41184c0cc791fd5b7aab3d91
-
SHA256
8f9cd57db574bc54883668459c530ee81a0e748fd4778b07009e5bda3f5f6176
-
SHA512
0a98ab9f2748e12c2fda307d5df101917dc6292434739989dec96cc1b2177056ef468941509763018218c675117c4f541b624d1a5a97977f03e53658e0eb1aa4
-
SSDEEP
6144:fiQ+CGTCCkfVHKPikyX862ZAMB6gjaUVQJqtHnnW6H0TeXp5PfiioJwm26N8j6uM:fiQ+Chdy6gugQ+HW6hpxvoJwr1KaJbt
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-