General
-
Target
2024-12-19_b5b677b41d7ddfddcd271967ef8c0f1f_bkransomware_hawkeye
-
Size
516KB
-
Sample
241219-xbnkmaxlgx
-
MD5
b5b677b41d7ddfddcd271967ef8c0f1f
-
SHA1
fbe03b7c0888daf27656250ce2428fdd5696ea34
-
SHA256
72bc363fafe846daa5eeb29fc6d0966ca2934812c77fecc1ec911b8f7fcb87a4
-
SHA512
f90e30d8d00501f2d4fa1672ae4d59d5dd8b4ae016e8adab0eee33a30e1da52e9e3d78c766c5eff52f634407b8a5251cb6285f2ee306fb656e37d09ea2e58162
-
SSDEEP
6144:QoyZmTAsfJFakxaLjcMkc0Cax1PzGp6bYA0w601+dNT9/0626ASkVOAF+UzGD+IY:QoyIJsMPrPip6bYboEdN8zHZ
Static task
static1
Behavioral task
behavioral1
Sample
2024-12-19_b5b677b41d7ddfddcd271967ef8c0f1f_bkransomware_hawkeye.exe
Resource
win7-20241010-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-12-19_b5b677b41d7ddfddcd271967ef8c0f1f_bkransomware_hawkeye
-
Size
516KB
-
MD5
b5b677b41d7ddfddcd271967ef8c0f1f
-
SHA1
fbe03b7c0888daf27656250ce2428fdd5696ea34
-
SHA256
72bc363fafe846daa5eeb29fc6d0966ca2934812c77fecc1ec911b8f7fcb87a4
-
SHA512
f90e30d8d00501f2d4fa1672ae4d59d5dd8b4ae016e8adab0eee33a30e1da52e9e3d78c766c5eff52f634407b8a5251cb6285f2ee306fb656e37d09ea2e58162
-
SSDEEP
6144:QoyZmTAsfJFakxaLjcMkc0Cax1PzGp6bYA0w601+dNT9/0626ASkVOAF+UzGD+IY:QoyIJsMPrPip6bYboEdN8zHZ
-
Modifies firewall policy service
-
Sality family
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5