hawkeye

General

Target

abdc2b9a5b4e01c39e005912a6b012cbca41217c229e4247b3d4307525bb2b53
Size

75KB
Sample

240821-fpmrtavcpq
MD5

47008c3f549a07b6b7a324c706ed1bf9
SHA1

93c3347a33a00c21002237f193dad9152080c60d
SHA256

abdc2b9a5b4e01c39e005912a6b012cbca41217c229e4247b3d4307525bb2b53
SHA512

14795a001080e793f7f4d20ff8f57a44034726c79c69b270443de4d5903559c616faee4832363a3b8674887e336ffeea36c40537e3a0978bdadc711577b9830e
SSDEEP

768:wM9OeLD1kLzL/zkYNt/qC8hWxlwWf1Co+Fm6/JDW6ATYrb:t95Ofm0xlwWE5

Score

10^/10

Malware Config

Extracted

Family

lumma

C2

https://writerospzm.shop/api

https://deallerospfosu.shop/api

https://bassizcellskz.shop/api

https://languagedscie.shop/api

https://complaintsipzzx.shop/api

https://quialitsuzoxm.shop/api

https://tenntysjuxmz.shop/api

Targets

- Target
  
  abdc2b9a5b4e01c39e005912a6b012cbca41217c229e4247b3d4307525bb2b53
- Size
  
  75KB
- MD5
  
  47008c3f549a07b6b7a324c706ed1bf9
- SHA1
  
  93c3347a33a00c21002237f193dad9152080c60d
- SHA256
  
  abdc2b9a5b4e01c39e005912a6b012cbca41217c229e4247b3d4307525bb2b53
- SHA512
  
  14795a001080e793f7f4d20ff8f57a44034726c79c69b270443de4d5903559c616faee4832363a3b8674887e336ffeea36c40537e3a0978bdadc711577b9830e
- SSDEEP
  
  768:wM9OeLD1kLzL/zkYNt/qC8hWxlwWf1Co+Fm6/JDW6ATYrb:t95Ofm0xlwWE5
Score

10^/10

hawkeye lumma xmrig defense_evasion discovery evasion execution keylogger miner persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Downloads MZ/PE file
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2