hawkeye | cafcac531e6347582823cb2e405f0c3e92162dfcd8f8ea761bcfbf0b0dc10286 | Triage

Sharing

General

Target

remcos_a.exe
Size

431KB
Sample

250327-byvrkav1et
MD5

ce511745116cb492d55c1ffaf9d1d655
SHA1

79de3a27eed9bcfd1012a1b306874e59ff636888
SHA256

cafcac531e6347582823cb2e405f0c3e92162dfcd8f8ea761bcfbf0b0dc10286
SHA512

358b44ef9b6419764f525048ffdd717a55ff22c2d4f18e1ed841c89b4978d371b9343a3d22ac3cd863cc53f9f2eefac4dd08df123ca5f6a2287f4d02c2ac7523
SSDEEP

6144:9IdUXq44bq4LrqMUz2y6cdjJ4nCb0KhEekcdK5xAO2XjXapGc3eou:9IdU6tdyDJZQKhEe7WAXWp8ou

Score

10^/10

hawkeye remcos remotehost defense_evasion discovery keylogger spyware stealer trojan

Malware Config

Extracted

Family

remcos

Version

6.1.0 Light

Botnet

RemoteHost

C2

male-shut.gl.at.ply.gg:2491

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-943I9A
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  remcos_a.exe
- Size
  
  431KB
- MD5
  
  ce511745116cb492d55c1ffaf9d1d655
- SHA1
  
  79de3a27eed9bcfd1012a1b306874e59ff636888
- SHA256
  
  cafcac531e6347582823cb2e405f0c3e92162dfcd8f8ea761bcfbf0b0dc10286
- SHA512
  
  358b44ef9b6419764f525048ffdd717a55ff22c2d4f18e1ed841c89b4978d371b9343a3d22ac3cd863cc53f9f2eefac4dd08df123ca5f6a2287f4d02c2ac7523
- SSDEEP
  
  6144:9IdUXq44bq4LrqMUz2y6cdjJ4nCb0KhEekcdK5xAO2XjXapGc3eou:9IdU6tdyDJZQKhEe7WAXWp8ou
Score

10^/10

hawkeye defense_evasion discovery keylogger spyware stealer trojan
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- UAC bypass
  defense_evasion trojan
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

remotehostremcos

behavioral1

hawkeyedefense_evasiondiscoverykeyloggerspywarestealertrojan