hawkeye | 92e79e9d1b1706ac5e31616473a4ee97c23f9adc8e2e6b8a28698e1194277e59 | Triage

Sharing

General

Target

c42ddbce16aea96c0bb88d9e87c980a2_JaffaCakes118
Size

620KB
Sample

240827-cdbzdsxbkb
MD5

c42ddbce16aea96c0bb88d9e87c980a2
SHA1

526145c89f037374a2bcc1cfd7c8c5432e325409
SHA256

92e79e9d1b1706ac5e31616473a4ee97c23f9adc8e2e6b8a28698e1194277e59
SHA512

24cc40fee52425430b98ccbf35fafe861c4547a84d5955229339fa17e856164b857f1095a8667739884020c4289cc7de3ef7cae7821055393ed3cdb97f7b2b4d
SSDEEP

12288:b1+XIo9JSfYOgY8Kljo34ojth+qQ6lmQKFN65l1PaZr4a6M2yOK:gS8ONqh+qQ6lkN6r1yZr4NM2yt

Score

10^/10

hawkeye latentbot discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

latentbot

C2

dcomete70353.zapto.org

1dcomete70353.zapto.org

2dcomete70353.zapto.org

3dcomete70353.zapto.org

4dcomete70353.zapto.org

5dcomete70353.zapto.org

6dcomete70353.zapto.org

7dcomete70353.zapto.org

8dcomete70353.zapto.org

Targets

- Target
  
  c42ddbce16aea96c0bb88d9e87c980a2_JaffaCakes118
- Size
  
  620KB
- MD5
  
  c42ddbce16aea96c0bb88d9e87c980a2
- SHA1
  
  526145c89f037374a2bcc1cfd7c8c5432e325409
- SHA256
  
  92e79e9d1b1706ac5e31616473a4ee97c23f9adc8e2e6b8a28698e1194277e59
- SHA512
  
  24cc40fee52425430b98ccbf35fafe861c4547a84d5955229339fa17e856164b857f1095a8667739884020c4289cc7de3ef7cae7821055393ed3cdb97f7b2b4d
- SSDEEP
  
  12288:b1+XIo9JSfYOgY8Kljo34ojth+qQ6lmQKFN65l1PaZr4a6M2yOK:gS8ONqh+qQ6lkN6r1yZr4NM2yt
Score

10^/10

hawkeye latentbot discovery evasion keylogger persistence spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyelatentbotdiscoveryevasionkeyloggerpersistencespywarestealertrojan

behavioral2