Extracted

• • Target

    2025-02-06_1b2cb2ec4b1c1ad891257c1943447a30_hawkeye_luca-stealer_magniber

  • Size

    9.5MB

  • MD5

    1b2cb2ec4b1c1ad891257c1943447a30

  • SHA1

    4ce1ef3c337925e97aa6964e691d70c87aee11cb

  • SHA256

    250f6a4dd40a9ad48e66f006c9ab24aa165322180b94a954ccfa55e02d4b8266

  • SHA512

    0ba75b54cfa0623cc6d225c2490a3254f169c8d27a2a64866ff3e201298826ac9466c77ee2c7b1c89fb660c2696a1911a22079390a62fb7ddbdd6e9583365e0b

  • SSDEEP

    196608:V78cEXTRiA3JjtvqiAxhv9sg1tKCTpYAQEWrqufezvGWUJ/h:VocYRiIt07vJYZEW2uGz+WUJ/h

  Score

  10^/10

  salitybackdoordefense_evasiondiscoveryspywarestealertrojanupx

  • Modifies firewall policy service

    defense_evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    defense_evasiontrojan

  • Blocklisted process makes network request

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2