General
-
Target
2024-12-19_f69d7e9fb1f50f1cf995bf6a54f63ae5_bkransomware_hawkeye
-
Size
516KB
-
Sample
241219-xkd3jsxmgs
-
MD5
f69d7e9fb1f50f1cf995bf6a54f63ae5
-
SHA1
152dd384d2701a46356d9318b3dddc587b94f726
-
SHA256
e0821801b2fd3d55711de3b4cd28c9bb2cae3fde97a8ed92a231b90fa55d2de5
-
SHA512
59aef24eca35e617a2dbfaef58b6032c058e3a43a771b6c84af771729d19eb6b68db1660c40cd3f7659abdaa74ac058e453a26735a67caa8d9d2480e6c993d99
-
SSDEEP
6144:8oyZmTAsfJFakxaLjcMkc0Cax1PrGp6bYA0w601+dNT9/0626ASkVOAFOvJyeVMP:8oyIJsMPrPqp6bYboEdNtvJycuh
Static task
static1
Behavioral task
behavioral1
Sample
2024-12-19_f69d7e9fb1f50f1cf995bf6a54f63ae5_bkransomware_hawkeye.exe
Resource
win7-20240903-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
2024-12-19_f69d7e9fb1f50f1cf995bf6a54f63ae5_bkransomware_hawkeye
-
Size
516KB
-
MD5
f69d7e9fb1f50f1cf995bf6a54f63ae5
-
SHA1
152dd384d2701a46356d9318b3dddc587b94f726
-
SHA256
e0821801b2fd3d55711de3b4cd28c9bb2cae3fde97a8ed92a231b90fa55d2de5
-
SHA512
59aef24eca35e617a2dbfaef58b6032c058e3a43a771b6c84af771729d19eb6b68db1660c40cd3f7659abdaa74ac058e453a26735a67caa8d9d2480e6c993d99
-
SSDEEP
6144:8oyZmTAsfJFakxaLjcMkc0Cax1PrGp6bYA0w601+dNT9/0626ASkVOAFOvJyeVMP:8oyIJsMPrPqp6bYboEdNtvJycuh
-
Modifies firewall policy service
-
Sality family
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5