hawkeye | 8b3b8df6a16eed6edc74e0b57adf7e057e643d572ae1fcd6d806e9c78141e145 | Triage

Sharing

General

Target

3fc92e5d34ae656ad8ef85e0ee1e4f12_JaffaCakes118
Size

515KB
Sample

240713-clpkfs1drj
MD5

3fc92e5d34ae656ad8ef85e0ee1e4f12
SHA1

ed670181751fcc091b3419cb6b7081adbd5ac722
SHA256

8b3b8df6a16eed6edc74e0b57adf7e057e643d572ae1fcd6d806e9c78141e145
SHA512

752e26940de0a40a1e6937007f927695d49329468eed0936dc7e264252bd75f9ae206cfe8ccc6fe0b14d1a14ce161e87985623a671fdf603ef17ff5b44265431
SSDEEP

12288:uyDqtM3bdDzjp6rG6srN4LOU0Rm0dj6EUMJ:zDqiVp6r9IN60RHd5J

Score

10^/10

hawkeye latentbot evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

latentbot

C2

dcomete70353.zapto.org

1dcomete70353.zapto.org

2dcomete70353.zapto.org

3dcomete70353.zapto.org

4dcomete70353.zapto.org

5dcomete70353.zapto.org

6dcomete70353.zapto.org

7dcomete70353.zapto.org

8dcomete70353.zapto.org

Targets

- Target
  
  3fc92e5d34ae656ad8ef85e0ee1e4f12_JaffaCakes118
- Size
  
  515KB
- MD5
  
  3fc92e5d34ae656ad8ef85e0ee1e4f12
- SHA1
  
  ed670181751fcc091b3419cb6b7081adbd5ac722
- SHA256
  
  8b3b8df6a16eed6edc74e0b57adf7e057e643d572ae1fcd6d806e9c78141e145
- SHA512
  
  752e26940de0a40a1e6937007f927695d49329468eed0936dc7e264252bd75f9ae206cfe8ccc6fe0b14d1a14ce161e87985623a671fdf603ef17ff5b44265431
- SSDEEP
  
  12288:uyDqtM3bdDzjp6rG6srN4LOU0Rm0dj6EUMJ:zDqiVp6r9IN60RHd5J
Score

10^/10

hawkeye latentbot evasion keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyelatentbotevasionkeyloggerpersistencespywarestealertrojan

behavioral2

hawkeyelatentbotevasionkeyloggerpersistencespywarestealertrojan