HawkEye Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog
Tags
cmtmf-attack-pattern: Application Layer Protocol Masquerading Obfuscated Files Or Information Process Injection Scheduled Task/Job
maec-delivery-vectors: Watering Hole
attack-pattern: Data Software Discovery - T1418 Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Clipboard Data - T1414 Credentials - T1589.001 Credentials From Password Stores - T1555 Data From Local System - T1533 Domains - T1583.001 Domains - T1584.001 Hidden Files And Directories - T1564.001 Impair Defenses - T1562 Impair Defenses - T1629 Ingress Tool Transfer - T1544 Keylogging - T1056.001 Keylogging - T1417.001 Local Data Staging - T1074.001 System Network Configuration Discovery - T1422 Malicious File - T1204.002 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Non-Standard Port - T1509 Non-Standard Port - T1571 Phishing - T1660 Phishing - T1566 Process Hollowing - T1055.012 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Screen Capture - T1513 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Software - T1592.002 Software Discovery - T1518 Spearphishing Attachment - T1566.001 Virtualization/Sandbox Evasion - T1497 Unsecured Credentials - T1552 Tool - T1588.002 Virtualization/Sandbox Evasion - T1633 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Clipboard Data - T1115 Data From Local System - T1005 Deobfuscate/Decode Files Or Information - T1140 Email Collection - T1114 Hidden Files And Directories - T1158 Remote File Copy - T1105 Masquerading - T1036 Modify Registry - T1112 Obfuscated Files Or Information - T1027 Process Hollowing - T1093 Process Injection - T1055 Query Registry - T1012 Registry Run Keys / Start Folder - T1060 Scheduled Task - T1053 Screen Capture - T1113 Security Software Discovery - T1063 Third-Party Software - T1072 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Owner/User Discovery - T1033 User Execution - T1204 Masquerading Screen Capture User Execution
Common Information
Type Value
UUID 65025c39-7a27-45ae-9b96-294e9b2ea4ec
Fingerprint 352c0805a1b50395
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 13, 2024, 10:54 a.m.
Added to db Nov. 13, 2024, 12:24 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline HawkEye Malware: Technical Analysis
Title HawkEye Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog
Detected Hints/Tags/Attributes 134/3/55
RSS Feed
Id  Enabled  Feed title                    Url                                       Added to db
14           ANY.RUN's Cybersecurity Blog  https://any.run/cybersecurity-blog/feed/  2024-08-30 22:08
Attributes
Type                     #Events  Value
Domain                   911      any.run
File                     249      schtasks.exe
File                     70       vbc.exe
File                     4        holdermail.txt
File                     30       index.dat
File                     29       profiles.ini
Details md5 4
60fabd1a2509b59831876d5e2aa71a6b
Details md5 3
defc51f31f6c4fa89cc6a39a62d8a08f
Details md5 3
dea59d578e0e64728780fb67dde7d96d
Details md5 3
040058f70ffdee6398f7b64ae1ea46d3
Details md5 3
e651dca5c850451cdba7f25cbb4134e7
Details md5 3
de823ba5d67de8682e6d7b8b472dbbcb
Details md5 3
25a2d98dfcf6a12ea6459882c56aa2e0
Details md5 3
179b219afa2ac15b14affd399273148b
Details md5 3
38a3cb547a0a19a61534792f572f08b0
Details md5 3
addcd85e0126e63e46da09eb8ea97120
Details md5 3
0a2f6501a36c1b13532139e3c1843109
Details md5 3
06916c9505da82f63a73768c6f336192
Details md5 3
ab264deb2563dc4df8b281b18e0861ba
Details IPv4 3
66.147.236.46
Details IPv4 3
204.141.42.56
Details IPv4 3
129.204.194.84
MITRE ATT&CK Techniques  348      T1036
MITRE ATT&CK Techniques  480      T1053
MITRE ATT&CK Techniques  380      T1547.001
MITRE ATT&CK Techniques  86       T1055.012
MITRE ATT&CK Techniques  49       T1074.001
MITRE ATT&CK Techniques  219      T1113
MITRE ATT&CK Techniques  172      T1555
MITRE ATT&CK Techniques  310      T1566.001
MITRE ATT&CK Techniques  420      T1204
MITRE ATT&CK Techniques  550      T1112
MITRE ATT&CK Techniques  94       T1564.001
MITRE ATT&CK Techniques  440      T1055
MITRE ATT&CK Techniques  235      T1562
MITRE ATT&CK Techniques  627      T1027
MITRE ATT&CK Techniques  504      T1140
MITRE ATT&CK Techniques  238      T1497
MITRE ATT&CK Techniques  113      T1552
MITRE ATT&CK Techniques  179      T1087
MITRE ATT&CK Techniques  141      T1518.001
MITRE ATT&CK Techniques  230      T1033
MITRE ATT&CK Techniques  501      T1012
MITRE ATT&CK Techniques  245      T1016
MITRE ATT&CK Techniques  185      T1518
MITRE ATT&CK Techniques  1006     T1082
MITRE ATT&CK Techniques  534      T1005
MITRE ATT&CK Techniques  157      T1560
MITRE ATT&CK Techniques  89       T1114
MITRE ATT&CK Techniques  82       T1115
MITRE ATT&CK Techniques  492      T1105
MITRE ATT&CK Techniques  444      T1071
MITRE ATT&CK Techniques  115      T1571
MITRE ATT&CK Techniques  22       T1583.008
Windows Registry Key     47       HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run