General
-
Target
2024-12-17_97625f6340448690eaa0593f1fe672a4_bkransomware_hawkeye
-
Size
524KB
-
Sample
241217-zl8dwsxnax
-
MD5
97625f6340448690eaa0593f1fe672a4
-
SHA1
bb6f4a0b195f02ec8426c5ff6c89aea6b9cf558c
-
SHA256
b2a7e0ff027edace8c5595b18e685ecbc126586d22096eaf66af5568ffb4d3e4
-
SHA512
49f2acbf84666286cf5eb071a24c67c6ab1ce28e6b655ff249c88c097d8bae383a6cd672e06c840a81b1dae4d501533df10b67c0073e894e5bce60f520909909
-
SSDEEP
6144:moyZmTAsfJFakxaLjcMkc0Cax1P9Gp6bYA0w601+dNT9/0626ASkVOAF6ws/pEPm:moyIJsMPrPgp6bYboEdN5ZCPpfc
Static task
static1
Behavioral task
behavioral1
Sample
2024-12-17_97625f6340448690eaa0593f1fe672a4_bkransomware_hawkeye.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
2024-12-17_97625f6340448690eaa0593f1fe672a4_bkransomware_hawkeye
-
Modifies firewall policy service
-
Sality family
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Impair Defenses: 4
Disable or Modify System Firewall: 1
Disable or Modify Tools: 3
Modify Registry: 5