General

  • Target

    2024-11-14_c07338aba36553458e7a69157218134d_hawkeye_magniber

  • Size

    12.9MB

  • Sample

    241114-k96smswhke

  • MD5

    c07338aba36553458e7a69157218134d

  • SHA1

    f80beaf33becdbda44ad2b8fd6b0d5e4dede0d0e

  • SHA256

    11dcbbb9664c915f01d836f19e506389678d3214e7d8b10b01fc215a4c49974d

  • SHA512

    c1156c702fe49ff5670677379e2e4fcb1492a5bc0e9157a07e1f7950f64bd72e0eb90e4717b1699aa64e1b9d64579523167bc633cc35b091d6627d581d26c6eb

  • SSDEEP

    98304:7VjnmHD7KjjqkusjmqMh5TYmnbOMt7ZUy6TX0mfse:1nEwjqkjiqM8Ct9Uy6TX0mke

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
