General
- Target: extractmytoken.exe
- Size: 40.7MB
- Sample: 241113-znl9fayhpn
- MD5: 806a13425f93918f46cdb610d67cf799
- SHA1: 9819c96469268984aaab1b7f15d63b24f18b7053
- SHA256: 4b203a70485ceed8dc06cd862f575ec73dbccffaefd741a1b7b2fbc250a62e78
- SHA512: 8402761f8e89551012c4ffafe6128045a66e956bf67fb076e991a933a3c04bf55e7c0ddec73027631227fc9c4b5ae8ba7e93eb362f80138ba1e790065b0242eb
- SSDEEP: 786432:7KXB5QAmDW8OrXMb8DTmxBZkxpFNWCTY5QHoE4DIeFKae002EXJF:s5hGWrrcam3yxpzWSY5I/teFZS
Behavioral task
- Name: behavioral1
- Sample: extractmytoken.exe
- Resource: win11-20241007-en
Malware Config
Targets
- Target: extractmytoken.exe (same file and hashes as listed under General above)
Signatures
- Hawkeye family
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15 (count of matching events in parentheses)
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)