Overview

overview

10

Static

static

3

31c0d45df9...7e.exe

windows7-x64

10

31c0d45df9...7e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31c0d45df9c966ad7e11ab233078607e

  • Size

    233KB

  • Sample

    231231-lya29sgack

  • MD5

    31c0d45df9c966ad7e11ab233078607e

  • SHA1

    ead2ce24fbf87bebad55500604557bf9ac4d2ddf

  • SHA256

    22a7ae8d819204ec2cd27a5e53f5e267c7829776eb3064b95bc6f253e72a1157

  • SHA512

    bd99241deae5815117fd8725b105006238a6980d65a3f1115d1d107ff66fa5abf6ef122db3fc65910e47087b4b0c21b51fc9bcf35c5a8de12fbc1cfb3b0f0df8

  • SSDEEP

    6144:OTu5OUFQPwNcHEOHA6ekznVuf5e9LoZgYuyY:EuzmO2hA6pncOoZgv

Score
10/10
hawkeyeevasionkeyloggerpersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      31c0d45df9c966ad7e11ab233078607e

    • Size

      233KB

    • MD5

      31c0d45df9c966ad7e11ab233078607e

    • SHA1

      ead2ce24fbf87bebad55500604557bf9ac4d2ddf

    • SHA256

      22a7ae8d819204ec2cd27a5e53f5e267c7829776eb3064b95bc6f253e72a1157

    • SHA512

      bd99241deae5815117fd8725b105006238a6980d65a3f1115d1d107ff66fa5abf6ef122db3fc65910e47087b4b0c21b51fc9bcf35c5a8de12fbc1cfb3b0f0df8

    • SSDEEP

      6144:OTu5OUFQPwNcHEOHA6ekznVuf5e9LoZgYuyY:EuzmO2hA6pncOoZgv

    Score
    10/10
    hawkeyeevasionkeyloggerpersistencespywarestealertrojanupx

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • Modifies firewall policy service

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks