General

  • Target

    SchooiCleaner_1.0___.bat

  • Size

    3KB

  • Sample

    240714-qjdl3a1hrr

  • MD5

    465174459f8c6f3adb38ff015e8dc808

  • SHA1

    8623ed6b17f5d17ffa00a162b1c5f7a784af7eb6

  • SHA256

    4361ee39760d6451345a135dbb6845f2f17ddab9b1eb6c141c6cd37745b160c4

  • SHA512

    f2a9c82f3b79f5d103e1dd485144f504dc468e626510b6b3b6e3004a667c0110a35eb2e9939b9697f4474de8a9c62457bfb03640193f5a462f10f44c0ac7b9d8

Malware Config

Targets

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks