General

  • Target

    SchooiCleaner_F1.0.bat

  • Size

    3KB

  • Sample

    240714-qfmess1gqq

  • MD5

    cab482ff59621fe2a023112e7e16b89d

  • SHA1

    3b59142249f7020dcb5ab52bea14805f8922e5d8

  • SHA256

    ab22ed1dc9c0a8eb99a8d0c4e496671c930e07d57b628da59fc30ad0900c6763

  • SHA512

    52720ce0ccb0cb2a1fe7b261c34733a02fce99b7d3ac8c2e63945a26f0e1345bc6fcf489b535d114447d498f13ed259b9a6689c4797ccfa8436678ec9e85ea9f

Malware Config

Targets

    • Target

      SchooiCleaner_F1.0.bat

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks