hawkeye | 23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4 | Triage

Submit
Reports

Overview

overview

Static

static

23e97c543d...c4.exe

windows7-x64

23e97c543d...c4.exe

windows10-2004-x64

Sharing

General

Target

23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4
Size

920KB
Sample

240105-bdy89aehhj
MD5

753505f665835e0f8542f83252d8251c
SHA1

880a37b15bec07ce4ff748fb2e8d138754c8b636
SHA256

23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4
SHA512

91d69bcd0b6dd9e096a31db9c3778432088c69e6d329c12bba7e1803bf0dd7325338d42c76d0b6cb6a8e954a0e931754a3c7cc2f07b7c8b21700ac9b6ad9137c
SSDEEP

24576:iD54MROxnFt34cirrcI0AilFEvxHPf8oom:iSMijgrrcI0AilFEvxHP

Score

10^/10

hawkeye orcus 777 keylogger rat spyware stealer trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4.exe

Resource

win7-20231129-en

orcus 777 rat spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4.exe

Resource

win10v2004-20231222-en

hawkeye orcus 777 keylogger rat spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

orcus

Botnet

777

C2

10.86.6.129:3333

Mutex

bc671c436af448dd952335335bfcb715

Attributes

autostart_method
TaskScheduler
enable_keylogger
true
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Windows Start
watchdog_path
AppData\WindowsUpdate.exe

Targets

- Target
  
  23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4
- Size
  
  920KB
- MD5
  
  753505f665835e0f8542f83252d8251c
- SHA1
  
  880a37b15bec07ce4ff748fb2e8d138754c8b636
- SHA256
  
  23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4
- SHA512
  
  91d69bcd0b6dd9e096a31db9c3778432088c69e6d329c12bba7e1803bf0dd7325338d42c76d0b6cb6a8e954a0e931754a3c7cc2f07b7c8b21700ac9b6ad9137c
- SSDEEP
  
  24576:iD54MROxnFt34cirrcI0AilFEvxHPf8oom:iSMijgrrcI0AilFEvxHP
Score

10^/10

orcus 777 rat spyware stealer hawkeye keylogger trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus main payload
- Orcurs Rat Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

orcus777ratspywarestealer

behavioral2

hawkeyeorcus777keyloggerratspywarestealertrojan

© 2018-2024

Terms | Privacy