General

  • Target

    06914834645d9ab3058300de4c756954

  • Size

    410KB

  • Sample

    231229-26jmdacecp

  • MD5

    06914834645d9ab3058300de4c756954

  • SHA1

    437546390ab6be7ab887e82148ba8b923bedd844

  • SHA256

    50c6eeab65b9c35d55dde8ba5cca1eaba4091d0a5611a353f9561e3e37453e67

  • SHA512

    08869a715d99a8034ee9e473c0c56f8fa4d35afbb67467a4d27ffd9d34f7d32f87a2b1f1141657ce7de27888fdca477af3d4756d6e5799d5dd27b5acbe2ff953

  • SSDEEP

    12288:3w06cUYTczdkibnD3WUgFooE3cVkO3rHGa6vSoW1:7TUHkibDGencVnHq6f

Malware Config

Targets

    • Target

      06914834645d9ab3058300de4c756954

    • Size

      410KB

    • MD5

      06914834645d9ab3058300de4c756954

    • SHA1

      437546390ab6be7ab887e82148ba8b923bedd844

    • SHA256

      50c6eeab65b9c35d55dde8ba5cca1eaba4091d0a5611a353f9561e3e37453e67

    • SHA512

      08869a715d99a8034ee9e473c0c56f8fa4d35afbb67467a4d27ffd9d34f7d32f87a2b1f1141657ce7de27888fdca477af3d4756d6e5799d5dd27b5acbe2ff953

    • SSDEEP

      12288:3w06cUYTczdkibnD3WUgFooE3cVkO3rHGa6vSoW1:7TUHkibDGencVnHq6f

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks