Overview

overview

6

Static

static

3

windhawk_setup.exe

windows10-2004-x64

6

Sharing

Copy URL Twitter E-mail

General

  • Target

    windhawk_setup.exe

  • Size

    10.7MB

  • Sample

    240715-bmzlda1enl

  • MD5

    a7699df432c7a074cc1d26bac0579c1b

  • SHA1

    87ceda7562e1ff4a8771beac0d51660e51af3ba8

  • SHA256

    85dbfda445ba4b23c167e9c3767fb812366642c6f40d3b4d1ba00040595cec30

  • SHA512

    88acad7947592510d954c6d17b03d8f952fc63e85dadb701c3420ee5f103de853648c4529e2dc35cdfdd514c8638033cc27e2b01960f9d5feea72740958c5f66

  • SSDEEP

    196608:BLK+C3ttDNXsHFGKzt/Lxdd8tC/r7M/3DdVdBp1xVzqOri:BbC9t58XzphM/BNTVri

Score
6/10
discoveryexecution

Malware Config

Targets

    • Target

      windhawk_setup.exe

    • Size

      10.7MB

    • MD5

      a7699df432c7a074cc1d26bac0579c1b

    • SHA1

      87ceda7562e1ff4a8771beac0d51660e51af3ba8

    • SHA256

      85dbfda445ba4b23c167e9c3767fb812366642c6f40d3b4d1ba00040595cec30

    • SHA512

      88acad7947592510d954c6d17b03d8f952fc63e85dadb701c3420ee5f103de853648c4529e2dc35cdfdd514c8638033cc27e2b01960f9d5feea72740958c5f66

    • SSDEEP

      196608:BLK+C3ttDNXsHFGKzt/Lxdd8tC/r7M/3DdVdBp1xVzqOri:BbC9t58XzphM/BNTVri

    Score
    6/10
    discoveryexecution

    • Legitimate hosting services abused for malware hosting/C2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks